cve/CVE-2013-1665.md at eb8fb22b51df9332dc1ec68d0bcaedfdbefed8cd

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-16 20:27:21 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Biswajit2902/defusedxml-norpc
https://github.com/deepin-community/defusedxml
https://github.com/pexip/os-defusedxml
https://github.com/tiran/defusedxml

942 B Raw Blame History

CVE-2013-1665

Description

POC

Reference

Github

942 B

Raw Blame History