[New-bugs-announce] [issue42051] plistlib inherits XML vulnerabilities: we should document them

STINNER Victor report at bugs.python.org
Fri Oct 16 04:32:10 EDT 2020


New submission from STINNER Victor <vstinner at python.org>:

The XML documentation starts with a red warning:

"Warning: The XML modules are not secure against erroneous or maliciously constructed data. If you need to parse untrusted or unauthenticated data see the XML vulnerabilities and The defusedxml Package sections."
https://docs.python.org/dev/library/xml.html

I suggest adding the same warning to the plistlib library, which uses the XML parser internally to handle XML files.

----------
components: Library (Lib)
messages: 378707
nosy: vstinner
priority: normal
severity: normal
status: open
title: plistlib inherits XML vulnerabilities: we should document them
type: security
versions: Python 3.10, Python 3.8, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42051>
_______________________________________
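
For readers who load plist files from untrusted sources, the following added example (not part of the original report and not CPython's own code) pre-scans XML plists with a bare expat parser and refuses any input that declares XML entities before handing it to plistlib. The names `safe_plist_loads`, `check_xml_plist`, `UnsafePlistError` and the `MAX_PLIST_BYTES` cap are assumptions made for this illustration.

```python
import plistlib
from xml.parsers import expat

MAX_PLIST_BYTES = 1_000_000  # assumed cap for this example; tune per application


class UnsafePlistError(ValueError):
    """Raised when untrusted plist input is refused before plistlib sees it."""


def _reject_entity_decl(*_args):
    # expat calls this for every <!ENTITY ...> declaration in the DTD subset.
    raise UnsafePlistError("entity declaration found in XML plist")


def check_xml_plist(data: bytes) -> None:
    """Pre-scan XML with a bare expat parser; stop at the first entity declaration."""
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = _reject_entity_decl
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafePlistError(f"not well-formed XML: {exc}") from exc


def safe_plist_loads(data: bytes, max_bytes: int = MAX_PLIST_BYTES):
    """Load an untrusted plist: size cap, then entity check for the XML format."""
    if len(data) > max_bytes:
        raise UnsafePlistError("plist larger than the configured limit")
    if data.startswith(b"bplist00"):
        # Binary plists do not go through the XML parser.
        return plistlib.loads(data, fmt=plistlib.FMT_BINARY)
    check_xml_plist(data)
    return plistlib.loads(data, fmt=plistlib.FMT_XML)


# Constructed sample: a harmless internal entity, enough to trigger the check.
ENTITY_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist [<!ENTITY a "x">]>
<plist version="1.0"><string>&a;</string></plist>"""

if __name__ == "__main__":
    print(safe_plist_loads(plistlib.dumps({"name": "demo", "count": 3})))
    try:
        safe_plist_loads(ENTITY_SAMPLE)
    except UnsafePlistError as exc:
        print("rejected:", exc)
```

The standard Apple `<!DOCTYPE plist PUBLIC ...>` line declares no entities, so ordinary plist files written by `plistlib.dumps` pass the check unchanged.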

