aboutsummaryrefslogtreecommitdiff
path: root/python/defusedxml/README
blob: c1fa82803057f6da1eadf313d95b2b44a52ec508 (plain)
1
2
3
4
5
6
7
The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds.  An attacker can also keep CPUs busy for a
long time with a small to medium size request.  Under some circumstances it is
even possible to access local files on your server, to circumvent a firewall,
or to abuse services to rebound attacks to third parties.  This library allows
for XML to be parsed in a manner that avoids these pitfalls.