From ${URL}: I am the maintainer of the Perl module MARC::File::XML, which is used by various applications to manipulate a metadata format used by libraries, and would like to request the allocation of a CVE identifier for an XXE vulnerability that is fixed in version 1.0.2 of the module. I have evidence that the vulnerability can be used in at least one F/LOSS integrated library system, Koha, to perform an application-level privilege escalation, and another one, Evergreen, is likely vulnerable to disclosure of the contents of arbitrary files on the server. I am a committer to both of those projects. @maintainers: version bump required.
Guessing this as ~1 due to the priv escalation.
Unaffected version in the tree. Cleanup done. No affected version stable, closed as [noglsa].