defusedxml@0.3 vulnerabilities

XML bomb protection for Python stdlib modules

latest version

0.8.0rc2
latest non vulnerable version

0.8.0rc2
first published

12 years ago
latest version published

a year ago
licenses detected
- Python-2.0
  [0,)
View defusedxml package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the defusedxml package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M XML External Entity (XXE) Injection Affected versions of `defusedxml` are vulnerable to XML External Entity (XXE) Injection. The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. How to fix XML External Entity (XXE) Injection? Upgrade `defusedxml` to version 0.4 or higher.	[,0.4)
M Denial of Service (DoS) Affected versions of `defusedxml` are vulnerable to Denial of Service (DoS). The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. How to fix Denial of Service (DoS)? Upgrade `defusedxml` to version 0.4 or higher.	[,0.4)

XML External Entity (XXE) Injection

Affected versions of defusedxml are vulnerable to XML External Entity (XXE) Injection.

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

How to fix XML External Entity (XXE) Injection?

Upgrade defusedxml to version 0.4 or higher.

[,0.4)

Denial of Service (DoS)

Affected versions of defusedxml are vulnerable to Denial of Service (DoS).

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

How to fix Denial of Service (DoS)?

Upgrade defusedxml to version 0.4 or higher.

[,0.4)

Go back to all versions of this package

defusedxml@0.3 vulnerabilities

XML bomb protection for Python stdlib modules

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities