Description
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Remediation
References
Related Vulnerabilities
Chamilo Other Vulnerability (CVE-2023-34962)
Django CVE-2024-45230 Vulnerability (CVE-2024-45230)
Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1500)
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)