[Python-Dev] XML DoS vulnerabilities and exploits in Python
Christian Heimes
christian at python.org
Wed Feb 20 23:06:15 CET 2013
Am 20.02.2013 22:02, schrieb Carl Meyer:
> Also, despite the title of this thread, the vulnerabilities include
> fetching of external DTDs and entities (per standard), which opens up
> attacks that are worse than just denial-of-service. In our initial
> Django release advisory we carelessly lumped the potential XML
> vulnerabilities together under the "DoS" label, and were quickly corrected.
Right, I tried to address both kinds of issues in the title:
XML DoS vulnerabilities and (other XML) exploits
Christian
More information about the Python-Dev
mailing list