Server-Side Request Forgery (SSRF)
TAXII libtaxii, as used in EclecticIQ OpenTAXII and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser.
Advisories for Pypi/Libtaxii package
2020