[Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties (original) (raw)
Donald Stufft donald at stufft.io
Tue Mar 26 19:57:37 CET 2013
- Previous message: [Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
- Next message: [Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mar 26, 2013, at 2:41 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
On Tue, 26 Mar 2013 17:53:39 +0100 (CET) christian.heimes <python-checkins at python.org> wrote:
+ +The XML processing modules are not secure against maliciously constructed data. +An attacker can abuse vulnerabilities for e.g. denial of service attacks, to +access local files, to generate network connections to other machines, or +to or circumvent firewalls. Really? Where does the "access local files, generate network connections, circumvent firewalls" allegation come from?
https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote
https://pypi.python.org/pypi/defusedxml#external-entity-expansion-local-file
https://pypi.python.org/pypi/defusedxml#dtd-retrieval
Regards Antoine.
Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/donald%40stufft.io
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20130326/2823df91/attachment.pgp>
- Previous message: [Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
- Next message: [Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]