mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-24 10:02:29 +01:00
fbbed57cde
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org> |
||
---|---|---|
.. | ||
defusedxml.info | ||
defusedxml.SlackBuild | ||
README | ||
slack-desc |
The results of an attack on a vulnerable XML library can be fairly dramatic. With just a few hundred Bytes of XML data an attacker can occupy several Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a long time with a small to medium size request. Under some circumstances it is even possible to access local files on your server, to circumvent a firewall, or to abuse services to rebound attacks to third parties. This library allows for XML to be parsed in a manner that avoids these pitfalls.