models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pikepdf_project | pikepdf | * |
| fedoraproject | fedora | 32 |
| fedoraproject | fedora | 33 |