hollalinux
/
slackbuilds
mirror of https://github.com/SlackBuildsOrg/slackbuilds.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
slackbuilds/python/defusedxml
History
Heinz Wiesinger 63daf9f79a All: Support $PRINT_PACKAGE_NAME env var 
Signed-off-by: Heinz Wiesinger <pprkut@slackbuilds.org>
 		2021-07-17 21:55:09 +02:00
..
README python/defusedxml: Added (XML bomb protection for Python). 2017-11-03 23:18:37 +00:00
defusedxml.SlackBuild All: Support $PRINT_PACKAGE_NAME env var 2021-07-17 21:55:09 +02:00
defusedxml.info python/defusedxml: Updated for version 0.7.1. 2021-03-09 08:04:30 +07:00
slack-desc python/defusedxml: Added (XML bomb protection for Python). 2017-11-03 23:18:37 +00:00

README 

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds.  An attacker can also keep CPUs busy for a
long time with a small to medium size request.  Under some circumstances it is
even possible to access local files on your server, to circumvent a firewall,
or to abuse services to rebound attacks to third parties.  This library allows
for XML to be parsed in a manner that avoids these pitfalls.