7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-26709

GHSA ID

GHSA-j6v2-mwxm-f952

EPSS Score

0.12454%

CWE

CWE-611

Published

6/29/2023

Updated

11/11/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-26709

CVE-2020-26709: py-xml XML External Entity Injection vulnerability

py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-26709

GHSA ID

GHSA-j6v2-mwxm-f952

EPSS Score

0.12454%

CWE

CWE-611

Published

6/29/2023

Updated

11/11/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
py-xml	pip	<= 1.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

py-xml v*.* w*s *is*ov*r** to *ont*in *n XML *xt*rn*l *ntity Inj**tion (XX*) vuln*r**ility w*i** *llows *tt**k*rs to *x**ut* *r*itr*ry *o** vi* * *r**t** XML *il*.

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-26709: py-xml XML External Entity Injection vulnerability

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI