models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP     metadata entries. (CVE-2021-29421)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-d97bc581be advisory.

  - models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP     metadata entries. (CVE-2021-29421)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-4bf9909a76 advisory.

  - models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP     metadata entries. (CVE-2021-29421)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
243982	Linux Distros Unpatched Vulnerability : CVE-2021-29421	Nessus	Misc.	high
148803	Fedora 32 : python-pikepdf (2021-d97bc581be)	Nessus	Fedora Local Security Checks	high
148792	Fedora 33 : python-pikepdf (2021-4bf9909a76)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2021-29421

high

Tenable Plugins

high

high

high