stchris / untangle

Converts XML to Python objects
MIT License

Potential vulnerability through external entities #93

Closed stchris closed 2 years ago

stchris commented 2 years ago

untangle up to version 1.2.0 is vulnerable to external entities being loaded through handcrafted malicious XML.

See https://github.com/tiran/defusedxml#attack-vectors
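One way to guard a SAX-based parse of untrusted XML against the external-entity vector described above, using only the standard library's `xml.sax`. This is an added example, not untangle's own code or its fix; `parse_untrusted`, `RejectDTD`, `ElementNames` and both sample documents are hypothetical names constructed for illustration. It assumes the application never needs a DOCTYPE, so it rejects any DTD outright, which is stricter than only disabling external entities.

```python
import io
import xml.sax
from xml.sax import handler


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE declaration."""


class RejectDTD:
    """SAX lexical handler that aborts the parse as soon as a DOCTYPE starts."""

    def startDTD(self, name, public_id, system_id):
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed in untrusted input")

    def _ignore(self, *args):
        pass

    # The expat SAX driver also wires these callbacks, so they must exist.
    endDTD = comment = startCDATA = endCDATA = _ignore


class ElementNames(handler.ContentHandler):
    """Stand-in for the application's real content handler."""

    def __init__(self):
        super().__init__()
        self.names = []

    def startElement(self, name, attrs):
        self.names.append(name)


def parse_untrusted(xml_bytes):
    parser = xml.sax.make_parser()
    # Never fetch external general or parameter entities.
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    # Defence in depth: refuse documents that declare a DTD at all.
    parser.setProperty(handler.property_lexical_handler, RejectDTD())
    collector = ElementNames()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.names


# Constructed sample inputs; the SYSTEM identifier is a placeholder.
BENIGN = b"<root><child>ok</child></root>"
WITH_DTD = (b'<!DOCTYPE root [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
            b"<root>&ext;</root>")
```

`parse_untrusted(BENIGN)` returns the element names, while `parse_untrusted(WITH_DTD)` raises `DTDForbidden` before any element is processed.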