Tag
lxml versions before 6.1.0 are vulnerable to XML External Entity (XXE) attacks when using iterparse() or ETCompatXMLParser() with default settings, potentially allowing local file reads.