python/defusedxml: Added (XML bomb protection for Python).

Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
author: Markus Rinne <markus.ka.rinne@gmail.com> 2017-11-02 22:34:05 +0000
committer: David Spencer <idlemoor@slackbuilds.org> 2017-11-03 23:18:37 +0000
commit: d4460393ce13da7fe7372a5da0cd6c6eadc82b8e (patch)
tree: 02733e51b379b4c779b510c7b4f0312e78dcfde2 /python/defusedxml/README
parent: 15fbb173471ec0b17eca1702456a6ef1d2e3feff (diff)
download: slackbuilds-d4460393ce13da7fe7372a5da0cd6c6eadc82b8e.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/python/defusedxml/README b/python/defusedxml/README
new file mode 100644
index 0000000000..c1fa828030
--- /dev/null
+++ b/python/defusedxml/README
@@ -0,0 +1,7 @@
+The results of an attack on a vulnerable XML library can be fairly dramatic.
+With just a few hundred Bytes of XML data an attacker can occupy several
+Gigabytes of memory within seconds.  An attacker can also keep CPUs busy for a
+long time with a small to medium size request.  Under some circumstances it is
+even possible to access local files on your server, to circumvent a firewall,
+or to abuse services to rebound attacks to third parties.  This library allows
+for XML to be parsed in a manner that avoids these pitfalls.
author	Markus Rinne <markus.ka.rinne@gmail.com>	2017-11-02 22:34:05 +0000
committer	David Spencer <idlemoor@slackbuilds.org>	2017-11-03 23:18:37 +0000
commit	d4460393ce13da7fe7372a5da0cd6c6eadc82b8e (patch)
tree	02733e51b379b4c779b510c7b4f0312e78dcfde2 /python/defusedxml/README
parent	15fbb173471ec0b17eca1702456a6ef1d2e3feff (diff)
download	slackbuilds-d4460393ce13da7fe7372a5da0cd6c6eadc82b8e.tar.gz