XML vulnerabilities in Python · Issue #61441 · python/cpython

BPO 17239
Nosy @warsaw, @birkenfeld, @rhettinger, @pitrou, @scoder, @larryhastings, @tiran, @benjaminp, @jwilk, @ned-deily, @mcepl, @ezio-melotti, @mitar, @vadmium, @serhiy-storchaka, @zooba
PRs bpo-17239: Disable external entities in SAX parser #9217; gh-61441: XML entity expansion limitation #9265; [3.7] bpo-17239: Disable external entities in SAX parser (GH-9217) #9511; [3.6] bpo-17239: Disable external entities in SAX parser (GH-9217) #9512
Dependencies bpo-17318: xml.sax and xml.dom fetch DTDs by default; bpo-24238: Avoid entity expansion attacks in Element Tree
Files xmlbomb_20130219.patch; xmlbomb_20150518.patch: Merged to 3.5

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


GitHub fields:

assignee = None
closed_at = None
created_at = <Date 2013-02-19.15:35:41.914>
labels = ['type-security', 'expert-XML', '3.8', '3.9', 'extension-modules', '3.7', 'library']
title = 'XML vulnerabilities in Python'
updated_at = <Date 2021-11-08.16:56:41.595>
user = 'https://github.com/tiran'

bugs.python.org fields:

activity = <Date 2021-11-08.16:56:41.595>
actor = 'vstinner'
assignee = 'none'
closed = False
closed_date = None
closer = None
components = ['Extension Modules', 'Library (Lib)', 'XML']
creation = <Date 2013-02-19.15:35:41.914>
creator = 'christian.heimes'
dependencies = ['17318', '24238']
files = ['29122', '39415']
hgrepos = []
issue_num = 17239
keywords = ['patch']
message_count = 23.0
messages = ['182393', '184285', '184289', '184387', '185053', '243450', '243469', '243581', '324416', '324685', '325562', '325573', '325586', '325590', '325595', '325610', '325642', '325648', '325702', '325738', '326144', '326228', '326229']
nosy_count = 20.0
nosy_names = ['barry', 'georg.brandl', 'rhettinger', 'pitrou', 'scoder', 'larry', 'christian.heimes', 'benjamin.peterson', 'jwilk', 'ned.deily', 'mcepl', 'ezio.melotti', 'Arfrever', 'eli.bendersky', 'mitar', 'martin.panter', 'serhiy.storchaka', 'franck', 'steve.dower', 'rsandwick3']
pr_nums = ['9217', '9265', '9511', '9512']
priority = 'critical'
resolution = None
stage = 'patch review'
status = 'open'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue17239'
versions = ['Python 3.7', 'Python 3.8', 'Python 3.9']