Description
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Remediation
References
Related Vulnerabilities
WordPress Plugin ZdStatistics Cross-Site Scripting (2.0.1)
WordPress Plugin Companion Revision Manager-Revision Control Unspecified Vulnerability (1.3)
Moodle Improper Input Validation Vulnerability (CVE-2013-2083)
PHP Other Vulnerability (CVE-2007-1399)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)