VDB
EN

PYSEC-2026-2057

xml2rfc is vulnerable to arbitrary file reads through prepped files

상세

### Impact

When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML.

### Workarounds

Test untrusted input with `link` elements with `rel="attachment"` before processing.

### References This is related to [GHSA-cfmv-h8fx-85m7](https://github.com/ietf-tools/xml2rfc/security/advisories/GHSA-cfmv-h8fx-85m7).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / xml2rfc
최초 영향 버전: 0 수정 버전: 3.30.2
수정 pip install --upgrade 'xml2rfc>=3.30.2'

참고