lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.
4.0.0-14.1.0-14.2.0-14.2.1-14.2.1-1ubuntu0.14.2.1-1ubuntu0.24.2.1-1ubuntu0.34.2.1-1ubuntu0.44.2.1-1ubuntu0.64.4.1-14.4.1-1build14.4.2-14.5.0-14.5.0-1ubuntu0.14.5.0-1ubuntu0.24.5.0-1ubuntu0.34.5.0-1ubuntu0.54.6.3+dfsg-0.14.6.4-14.6.4-1ubuntu14.7.1-14.8.0-14.8.0-1build14.9.3-14.9.3-1build14.9.4-15.1.0-15.1.0-1build15.1.0-1build25.2.1-15.3.2-15.4.0-15.4.0-1build16.0.1-16.0.1-16.0.1-1build16.0.2-16.0.2-1build13.2.0-13.3.0~beta2-13.3.0~beta4-13.3.1-13.3.2-13.3.2-1build13.3.3-13.3.3-1ubuntu0.13.3.3-1ubuntu0.23.3.3-1ubuntu0.2+esm1+3 more3.4.4-13.5.0-13.5.0-1build13.5.0-1ubuntu0.13.5.0-1ubuntu0.23.5.0-1ubuntu0.33.5.0-1ubuntu0.43.5.0-1ubuntu0.4+esm2Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:HI:NA:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N