James R. Barlow

1 exploit Active since Apr 2021
CVE-2021-29421 WRITEUP HIGH WRITEUP
pikepdf 1.3.0-2.9.2 - XML External Entity Injection in XMP Metadata Parser
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
CVSS 7.5