petl before 1.68, in some configurations, allows resolution of entities in an XML document.
References
- https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347
- https://nvd.nist.gov/vuln/detail/CVE-2020-29128
- https://github.com/petl-developers/petl/issues/526
- https://github.com/petl-developers/petl/pull/527
- https://github.com/petl-developers/petl/pull/527/commits/1b0a09f08c3cdfe2e69647bd02f97c1367a5b5f8
- https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md
- https://github.com/petl-developers/petl/compare/v1.6.7…v1.6.8
- https://petl.readthedocs.io/en/stable/changes.html
- https://github.com/advisories/GHSA-69q2-p9xp-739v