CNNVD-202511-3027 Information

CNNVD ID

CNNVD-202511-3027

Related CVE

CVE-2025-66371

• CNNVD Published: 2025-11-28

Description (Chinese)

Peppol-py是Iteras开源的一个Python库。 Peppol-py 1.1.1之前版本存在代码问题漏洞，该漏洞源于Saxon配置不当，可能导致XXE攻击。

Description (English)

Peppol-py is a Python library of the Iteras Open Source. Pre-Peppol-py 1.1.1 had a code gap, which stemmed from the inappropriate configuration of Saxon and could lead to an XXE attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Iteras

Published

2025-11-28

Last Modified

2026-02-24

References

https://github.com/iterasdev/peppol-py/pull/16 https://github.com/iterasdev/peppol-py/releases/tag/1.1.1 https://access.redhat.com/security/cve/cve-2025-66371

Patch

https://github.com/iterasdev/peppol-py/releases