[Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
Antoine Pitrou
solipsis at pitrou.net
Tue Mar 26 19:41:46 CET 2013
On Tue, 26 Mar 2013 17:53:39 +0100 (CET)
christian.heimes <python-checkins at python.org> wrote:
> +
> +The XML processing modules are not secure against maliciously constructed data.
> +An attacker can abuse vulnerabilities for e.g. denial of service attacks, to
> +access local files, to generate network connections to other machines, or
> +to or circumvent firewalls.
Really? Where does the "access local files, generate network
connections, circumvent firewalls" allegation come from?
Regards
Antoine.
More information about the Python-Dev
mailing list