Christian Heimes  committed aff6dee

added CVE

  • Participants
  • Parent commits 9e66785

Comments (0)

Files changed (1)

 * An attacker can exhaust additional resources on the machine, e.g. with
   requests to a service that doesn't respond or responds with very large
+* An attacker may gain knowledge, when, how often and from which IP address
+  a XML document is accessed.
 * An attacker could send mail from inside your network if the URL handler
   supports ``smtp://`` URIs.
    process inclusion.
+  Unrestricted entity expansion induces DoS vulnerabilities in Python XML
+  libraries (XML bomb)
+  External entity expansion in Python XML libraries inflicts potential
+  security flaws and DoS vulnerabilities
 Other things to consider