diff options
Diffstat (limited to 'python/defusedxml/slack-desc')
| -rw-r--r-- | python/defusedxml/slack-desc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/python/defusedxml/slack-desc b/python/defusedxml/slack-desc new file mode 100644 index 0000000000..2498c6aa27 --- /dev/null +++ b/python/defusedxml/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +defusedxml: defusedxml (XML bomb protection for Python stdlib modules) +defusedxml: +defusedxml: The results of an attack on a vulnerable XML library can be fairly +defusedxml: dramatic. With just a few hundred Bytes of XML data an attacker can +defusedxml: occupy several Gigabytes of memory within seconds. An attacker can +defusedxml: also keep CPUs busy for a long time with a small to medium size +defusedxml: request. Under some circumstances it is even possible to access local +defusedxml: files on your server, to circumvent a firewall, or to abuse services +defusedxml: to rebound attacks to third parties. This library allows for XML to +defusedxml: be parsed in a manner that avoids these pitfalls. +defusedxml: |