HIGH 7.5
PYSEC-2026-847
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
Details
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / mei2volpiano
Introduced in:
0 No fixed version published yet for mei2volpiano (pip). Pin to a known-safe version or switch to an alternative.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-37189 [ADVISORY]
- https://docs.python.org/3/library/xml.html#xml-vulnerabilities [WEB]
- https://github.com/DDMAL/MEI2Volpiano [WEB]
- https://github.com/DDMAL/MEI2Volpiano/blob/987b70fff991235e682405f901388af0f414eaa8/mei2volpiano/mei2volpiano.py#L59 [WEB]
- https://pyup.io/vulnerabilities/CVE-2022-37189/50928 [WEB]
- https://pypi.org/project/mei2volpiano [PACKAGE]
- https://github.com/advisories/GHSA-6xm7-3cc5-47f9 [ADVISORY]