VDB
EN

PYSEC-2026-2058

xml2rfc has an arbitrary file read vulnerability

상세

### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML.

### Workarounds Test untrusted input with `link` elements with `rel="attachment"` before processing.

### Credits This vulnerability was reported by Mohamed Ouad from [Doyensec](https://doyensec.com/).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / xml2rfc
최초 영향 버전: 0 수정 버전: 3.30.1
수정 pip install --upgrade 'xml2rfc>=3.30.1'

참고