[Python-Dev] XML DoS vulnerabilities and exploits in Python
Christian Heimes christian at python.org
Thu Feb 21 20:12:22 CET 2013
On 21.02.2013 19:39, Eli Bendersky wrote:
> Just to clarify for my own curiosity. These attacks (e.g. http://en.wikipedia.org/wiki/Billionlaughs) have been known and public since 2003?
Correct, see https://pypi.python.org/pypi/defusedxml#synopsis, third paragraph. All XML attacks in my analysis have been well known for years, billion laughs for about a decade.
As far as I know, it's the first time somebody has compiled and published a detailed list of vulnerabilities in Python's XML libraries. However, I'm not the only one. OpenStack and Django were contacted by several people in the past few weeks, too.