—
PYSEC-2026-2058
xml2rfc has an arbitrary file read vulnerability
상세
### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML.
### Workarounds Test untrusted input with `link` elements with `rel="attachment"` before processing.
### Credits This vulnerability was reported by Mohamed Ouad from [Doyensec](https://doyensec.com/).
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/ietf-tools/xml2rfc/security/advisories/GHSA-cfmv-h8fx-85m7 [WEB]
- https://github.com/ietf-tools/xml2rfc/commit/f2b245bc0aeeac0667c8f74e976c466c5991f0e4 [WEB]
- https://github.com/ietf-tools/xml2rfc [PACKAGE]
- https://pypi.org/project/xml2rfc [PACKAGE]
- https://github.com/advisories/GHSA-cfmv-h8fx-85m7 [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2025-11058 [ADVISORY]