Christian Heimes  committed aff6dee

added CVE

  • Parent commits 9e66785

Files changed (1)

 * An attacker can exhaust additional resources on the machine, e.g. with
   requests to a service that doesn't respond or responds with very large
   files.
+* An attacker may gain knowledge, when, how often and from which IP address
+  a XML document is accessed.
 * An attacker could send mail from inside your network if the URL handler
   supports ``smtp://`` URIs.
 
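Review bot: the added bullet ("An attacker may gain knowledge, when, how often and from which IP address a XML document is accessed") does not say how the attacker learns this, while the neighbouring bullets each name the mechanism ("requests to a service that doesn't respond", "if the URL handler supports ``smtp://`` URIs"). Consider stating that the information leaks through the request the parser makes to a URL the attacker controls, so the reader sees it is the parsing host's address and access pattern that are exposed. Wording nits in the same line: "a XML document" should be "an XML document", and the comma after "knowledge" reads better removed ("may learn when, how often and from which IP address ...").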
    process inclusion.
 
 
+CVE
+===
+
+CVE-2013-1664:
+  Unrestricted entity expansion induces DoS vulnerabilities in Python XML
+  libraries (XML bomb)
+
+CVE-2013-1665:
+  External entity expansion in Python XML libraries inflicts potential
+  security flaws and DoS vulnerabilities
+
+
 Other things to consider
 ========================
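Review bot: the new "CVE" section lists the two identifiers with their titles only, and just the CVE-2013-1664 entry ties back to an attack name used in the document ("XML bomb"). The CVE-2013-1665 entry would be easier to use with a matching parenthetical or a cross-reference to the section that describes external entity expansion, so a reader arriving from the CVE number can find the relevant attack description. The phrase "inflicts potential security flaws" is also awkward; "may lead to security flaws and DoS vulnerabilities" would read more clearly if the text is not a verbatim CVE title. A heading such as "CVE identifiers" would be more descriptive than the bare "CVE".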