The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26705
Reference (s):
- https://github.com/darkfoxprime/python-easy_xml/issues/1