Improper Restriction of XML External Entity Reference
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.
Advisories for Pypi/Py-Xml package
2023