PyPI: xml2rfc

SFTY-20240109-82338

Safety legacy ID: pyup.io-63455

Xml2rfc 3.12.4 addresses an issue where affected versions were vulnerable to XSS attacks, allowing script elements in SVG sources. https://github.com/ietf-tools/xml2rfc/commit/df99f948b53ca4836d830ac55ec84eb4023e81dahttps://github.com/advisories/GHSA-cf4q-4cqr-7g7w

PythonPyPI
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Xml2rfc 3.12.4 addresses an issue where affected versions were vulnerable to XSS attacks, allowing script elements in SVG sources. https://github.com/ietf-tools/xml2rfc/commit/df99f948b53ca4836d830ac55ec84eb4023e81dahttps://github.com/advisories/GHSA-cf4q-4cqr-7g7w

Advisory

Xml2rfc 3.12.4 addresses an issue where affected versions were vulnerable to XSS attacks, allowing script elements in SVG sources. https://github.com/ietf-tools/xml2rfc/commit/df99f948b53ca4836d830ac55ec84eb4023e81dahttps://github.com/advisories/GHSA-cf4q-4cqr-7g7w

Affected Package

Affecting xml2rfc package, versions
<3.12.4

Also affects

---

How to Fix

Upgrade
xml2rfc
to
3.12.4
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more