CVE-2021-46849: Improper Restriction of XML External Entity Reference

October 24, 2022

pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata parsing.

References

bugs.gentoo.org/779475
github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst
nvd.nist.gov/vuln/detail/CVE-2021-46849

Detect and mitigate CVE-2021-46849 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →