diff options
author | Markus Rinne <markus.ka.rinne@gmail.com> | 2017-11-02 22:34:05 +0000 |
---|---|---|
committer | David Spencer <idlemoor@slackbuilds.org> | 2017-11-03 23:18:37 +0000 |
commit | d4460393ce13da7fe7372a5da0cd6c6eadc82b8e (patch) | |
tree | 02733e51b379b4c779b510c7b4f0312e78dcfde2 /python/defusedxml/README | |
parent | 15fbb173471ec0b17eca1702456a6ef1d2e3feff (diff) |
python/defusedxml: Added (XML bomb protection for Python).
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
Diffstat (limited to 'python/defusedxml/README')
-rw-r--r-- | python/defusedxml/README | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/python/defusedxml/README b/python/defusedxml/README new file mode 100644 index 0000000000000..c1fa82803057f --- /dev/null +++ b/python/defusedxml/README @@ -0,0 +1,7 @@ +The results of an attack on a vulnerable XML library can be fairly dramatic. +With just a few hundred Bytes of XML data an attacker can occupy several +Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a +long time with a small to medium size request. Under some circumstances it is +even possible to access local files on your server, to circumvent a firewall, +or to abuse services to rebound attacks to third parties. This library allows +for XML to be parsed in a manner that avoids these pitfalls. |