slackbuilds_ponce/python/defusedxml/README

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred Bytes of XML data an attacker can occupy several
Gigabytes of memory within seconds.  An attacker can also keep CPUs busy for a
long time with a small to medium size request.  Under some circumstances it is
even possible to access local files on your server, to circumvent a firewall,
or to abuse services to rebound attacks to third parties.  This library allows
for XML to be parsed in a manner that avoids these pitfalls.
python/defusedxml: Added (XML bomb protection for Python). Signed-off-by: David Spencer <idlemoor@slackbuilds.org> 2017-11-02 23:34:05 +01:00			`The results of an attack on a vulnerable XML library can be fairly dramatic.`
			`With just a few hundred Bytes of XML data an attacker can occupy several`
			`Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a`
			`long time with a small to medium size request. Under some circumstances it is`
			`even possible to access local files on your server, to circumvent a firewall,`
			`or to abuse services to rebound attacks to third parties. This library allows`
			`for XML to be parsed in a manner that avoids these pitfalls.`