The Open Geospatial Consortium (OGC) is a global standards body focused on the interoperability of geospatial data and services. OWSLib is a Python package for client programming against OGC web service interface standards (WMS, WFS, CSW, WPS and others) and their related content models. It makes working with geospatial services in Python easier by providing higher-level abstractions and convenience methods, including parsing the XML responses those services return.

Vulnerability Details

CVE-2023-27476 is a high-severity vulnerability in OWSLib's XML handling. OWSLib's etree wrapper uses lxml when it is installed, and that lxml parser was created with its default settings, which leave entity resolution enabled. A DOCTYPE in attacker-controlled XML (for example a crafted response from a malicious or compromised OGC server, or any document a caller feeds to the library) can therefore declare an external entity such as <!ENTITY xxe SYSTEM "file:///etc/passwd"> and have the file's contents pulled into the parsed document: an XML external entity (XXE) read. Because the wrapper is shared, this affects all XML parsing within the OWSLib codebase, not a single service client.

Successful exploitation discloses the contents of any file readable by the process running OWSLib (configuration files, credentials, private keys), which can in turn be used to conduct further attacks against the vulnerable system.

The vulnerability has been assigned a CVSS score of 8.8, indicating a high level of severity.

Here is a code snippet demonstrating the vulnerable pattern: untrusted XML is handed to OWSLib's etree wrapper, which on OWSLib versions before 0.28.1 is the default lxml parser with entity resolution enabled:

from owslib.etree import etree   # lxml.etree when lxml is installed, else xml.etree.ElementTree
from owslib.util import nspath_eval
from owslib.namespaces import Namespaces


def parse(xml_string):
    # nspath_eval expects a prefix -> namespace URI dict, e.g. {'ows': 'http://www.opengis.net/ows'}
    namespaces = Namespaces().get_namespaces(['ows'])
    try:
        # Vulnerable on OWSLib < 0.28.1: with lxml installed this is lxml's default
        # parser (resolve_entities=True), so a DOCTYPE in xml_string that declares
        # <!ENTITY xxe SYSTEM "file:///..."> is expanded with the file's contents.
        root = etree.fromstring(xml_string)
    except Exception as e:
        raise ValueError("Error parsing XML: %s" % e)

    node = root.find(nspath_eval('ows:Identifier', namespaces))
    if node is None:
        raise ValueError("ows:Identifier not found")
    return node.text
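The hardened counterpart, added here as an example and not code from the OWSLib project or the advisory: XML from a remote service is refused outright if it carries a DOCTYPE (entities can only be declared in a DTD, so this closes the file-read channel on either backend), and when lxml is present the parse additionally runs with resolve_entities=False, no_network=True and load_dtd=False, which is the same class of setting the 0.28.1 fix applies. The same guard is usable in front of an unpatched OWSLib as a stop-gap if upgrading is not immediately possible. The ProcessDescription documents, the "buffer" identifier and the helper names are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# lxml is what OWSLib prefers when it is installed; fall back to the stdlib
# parser (which does not fetch external entities) when it is not.
try:
    from lxml import etree as lxml_etree
except ImportError:
    lxml_etree = None

OWS_NS = "http://www.opengis.net/ows/1.1"

# XXE needs a DTD: entities can only be declared inside <!DOCTYPE ...>, so
# refusing any DOCTYPE (internal subset or external reference) blocks the
# attack regardless of which XML backend ends up doing the parse. The check is
# deliberately fail-closed: "<!DOCTYPE" inside a comment or CDATA is rejected too.
_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


class UntrustedXMLError(ValueError):
    """Raised when a document from an untrusted source carries a DTD."""


def reject_doctype(data: bytes) -> bytes:
    """Return data unchanged if it has no DOCTYPE, otherwise raise."""
    if _DOCTYPE_RE.search(data):
        raise UntrustedXMLError("DOCTYPE/DTD not allowed in untrusted XML")
    return data


def parse_untrusted(data: bytes):
    """Parse XML (bytes) that came from a remote OGC service without resolving entities."""
    data = reject_doctype(data)
    if lxml_etree is not None:
        # Belt and braces: even if a DOCTYPE slipped past the check above, this
        # parser leaves &xxe; unresolved instead of reading the referenced file.
        parser = lxml_etree.XMLParser(resolve_entities=False, no_network=True, load_dtd=False)
        return lxml_etree.fromstring(data, parser)
    return ET.fromstring(data)


def identifier_of(data: bytes) -> str:
    """Extract the first ows:Identifier from an untrusted document."""
    root = parse_untrusted(data)
    node = root.find(f".//{{{OWS_NS}}}Identifier")
    if node is None or node.text is None:
        raise ValueError("no ows:Identifier in document")
    return node.text.strip()


def is_accepted(data: bytes) -> bool:
    """True if the guard lets the document through to the parser."""
    try:
        parse_untrusted(data)
    except UntrustedXMLError:
        return False
    return True


# Constructed sample inputs (not real service output).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<wps:ProcessDescription xmlns:wps="http://www.opengis.net/wps/1.0.0"
                        xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:Identifier>buffer</ows:Identifier>
</wps:ProcessDescription>
"""

# The shape of payload CVE-2023-27476 is about: a malicious server answers a
# request with a DTD declaring an external entity that points at a local file;
# a parser with resolve_entities=True inlines that file into ows:Identifier.
XXE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE wps:ProcessDescription [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<wps:ProcessDescription xmlns:wps="http://www.opengis.net/wps/1.0.0"
                        xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:Identifier>&xxe;</ows:Identifier>
</wps:ProcessDescription>
"""

if __name__ == "__main__":
    print("benign identifier:", identifier_of(BENIGN))
    print("XXE payload accepted:", is_accepted(XXE))
    print("XXE payload with BOM accepted:", is_accepted(b"\xef\xbb\xbf" + XXE))
```

The guard takes bytes on purpose: an XML declaration with an encoding attribute is only meaningful on bytes, and lxml refuses str input that carries one. Rejecting the DOCTYPE before parsing also protects the stdlib backend against DTD-based denial of service (billion-laughs style expansion), which resolve_entities=False alone does not address.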

Affected Versions

OWSLib versions prior to 0.28.1 are vulnerable to this issue.

Solution

The issue has been addressed in OWSLib version 0.28.1, which creates the lxml parser with entity resolution disabled. All users are strongly advised to upgrade to 0.28.1 or later as soon as possible.

If you cannot upgrade, you can apply the fix as a manual patch to your installed copy of the library; refer to the GitHub Security Advisory (GHSA-8h9c-r582-mggc) for the patch. Until then, treat every XML document OWSLib parses, including responses from the services you connect to, as untrusted input.

References

- OWSLib GitHub Repository
- CVE-2023-27476 NVD Entry
- GitHub Security Advisory (GHSA-8h9c-r582-mggc)

Conclusion

CVE-2023-27476 poses a significant risk to all users of the OWSLib Python package, since any XML the library parses, including a response from a hostile service, can be used to read local files. To mitigate the risk, update your OWSLib installation to version 0.28.1 or later, or apply the available patch, as soon as possible.

Timeline

Published on: 03/08/2023 00:15:00 UTC
Last modified on: 06/14/2023 16:15:00 UTC