aboutsummaryrefslogtreecommitdiff
path: root/python/defusedxml/README
diff options
context:
space:
mode:
Diffstat (limited to 'python/defusedxml/README')
-rw-r--r--python/defusedxml/README7
1 files changed, 7 insertions, 0 deletions
diff --git a/python/defusedxml/README b/python/defusedxml/README
new file mode 100644
index 0000000000000..c1fa82803057f
--- /dev/null
+++ b/python/defusedxml/README
@@ -0,0 +1,7 @@
+The results of an attack on a vulnerable XML library can be fairly dramatic.
+With just a few hundred Bytes of XML data an attacker can occupy several
+Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a
+long time with a small to medium size request. Under some circumstances it is
+even possible to access local files on your server, to circumvent a firewall,
+or to abuse services to rebound attacks to third parties. This library allows
+for XML to be parsed in a manner that avoids these pitfalls.