Closed drmalex07 closed 9 years ago
We need to make sure that every time an XML document is parsed from an external source, an XML parser with resolve_entities=False is passed:
```python
from lxml import etree

# Entity resolution disabled: external (XXE) entities are never fetched
parser = etree.XMLParser(resolve_entities=False)

# e: XML string/bytes, f: filename or file-like object (as in the original snippet)
etree.fromstring(e, parser)
etree.parse(f, parser)
```
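An added example (not code from the issue or the project) contrasting lxml's default parser with the hardened one described above, run on a constructed document whose DTD declares a harmless internal entity; it assumes lxml is installed. With resolve_entities=False the reference stays an unexpanded entity node, which is also a useful signal that an untrusted document tried to use entities at all.

```python
from lxml import etree

# Constructed sample: the DTD declares an internal entity. A real XXE document
# would declare an external (SYSTEM) entity instead; the hardened parser refuses
# to expand either kind, so nothing is ever fetched on behalf of the document.
SAMPLE_XML = b"""<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY greeting "hello from the DTD">
]>
<note>&greeting;</note>"""


def parse_default(data):
    """The unsafe pattern the issue is about: lxml's default parser
    has resolve_entities=True and expands every entity reference."""
    return etree.fromstring(data)


def parse_untrusted(data):
    """Parse XML from an untrusted source with entity resolution disabled.

    resolve_entities=False makes lxml keep entity references as
    etree._Entity nodes in the tree instead of substituting their value.
    (lxml's no_network option is already True by default, but it only
    blocks network fetches; it is not a substitute for this setting.)
    """
    parser = etree.XMLParser(resolve_entities=False)
    return etree.fromstring(data, parser)


def entity_names(root):
    """Names of entity references left unexpanded in the parsed tree.
    A non-empty list means the document tried to use entities; a
    defender can log or reject such input before processing it."""
    return [node.name for node in root.iter(etree.Entity)]


def serialize(root):
    """Round-trip the tree; unexpanded entities come back as '&name;'."""
    return etree.tostring(root)


if __name__ == "__main__":
    print("default parser text:", parse_default(SAMPLE_XML).text)
    hardened = parse_untrusted(SAMPLE_XML)
    print("hardened parser text:", hardened.text)
    print("unexpanded entities:", entity_names(hardened))
    print("serialized:", serialize(hardened))
```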
Fixed. Tested against common injection payloads
Ensure no external (XXE) entities are resolved while parsing XML streams