Synopsis:
python-lxml security updateSummary:
An update for python-lxml is now available for openEuler-20.03-LTS-SP4Description:
\
Security Fix(es):
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.(CVE-2026-41066)Topic:
An update for python-lxml is now available for openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
python-lxml
4.5.2-10.oe2003sp44.5.2-10.oe2003sp44.5.2-10.oe2003sp44.5.2-10.oe2003sp44.5.2-10.oe2003sp44.5.2-10.oe2003sp4Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:HI:NA:N7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N