XXE resolve_entities bypass using Parameter Entity

I'd also request a CVE for this bug, if you don't mind

Thanks for reporting this.

As far as I can see, however, there is nothing specific to lxml in this exploit. It only depends on the libxml2 parser (and version). The binary wheels of lxml 5.3.x use libxml2 2.12.x, which allows this. The binary wheels of lxml 6.0 will come with libxml2 2.13.x (or maybe 2.14.x), which prevents this exploit.

Users of source builds or other binary distributions of lxml may or may not run into this, depending on the libxml2 version that they use. The system libxml2 shipped by the Linux distributions that I tried seems to be safe, for example.

So, I'm not sure this is worth a CVE by itself, given that libxml2 already fixed this last summer.

I've been using the latest python docker images for testing and it affects most of them (I'll check on 3.13 a bit later), and for this case it looks like the containered systems and projects, that use lxml from 5 to current are all vulnerable, that's why I find it worth a CVE. I'll take a closer look at libxml2 next week, whether they've closed this bug on purpose or by an accident case.
Thanks for your answer

yep, so all images of python till python:3.13 using `pip install lxml` are vulnerable

It's not about the docker images. They all just download and install the binary wheels of lxml that come from PyPI. Those are vulnerable because they statically include and use libxml2 2.12.10 (2.11.9 on Windows).

So, yeah, it's lxml to blame for shipping these library versions. I'll see that I get a 5.3.3 release out that comes with the latest libxml2 2.13.8. lxml 6.0.0 is going to be too disruptive to require it for this kind of issue.

I released lxml 5.4.0 with binary wheels that ship libxml2 2.13.8. That should resolve this issue.

Thank you for finding and reporting this issue.

Great, I've checked, now it works only if entities are turned on =)