Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.5->3.6)
This commit is contained in:
Guido van Rossum
commit
a0ef768ddf
|
|
@ -60,15 +60,15 @@ circumvent firewalls.
|
|||
The following table gives an overview of the known attacks and whether
|
||||
the various modules are vulnerable to them.
|
||||
|
||||
========================= ======== ========= ========= ======== =========
|
||||
kind sax etree minidom pulldom xmlrpc
|
||||
========================= ======== ========= ========= ======== =========
|
||||
billion laughs **Yes** **Yes** **Yes** **Yes** **Yes**
|
||||
quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes**
|
||||
external entity expansion **Yes** No (1) No (2) **Yes** No (3)
|
||||
`DTD`_ retrieval **Yes** No No **Yes** No
|
||||
decompression bomb No No No No **Yes**
|
||||
========================= ======== ========= ========= ======== =========
|
||||
========================= ============== =============== ============== ============== ==============
|
||||
kind sax etree minidom pulldom xmlrpc
|
||||
========================= ============== =============== ============== ============== ==============
|
||||
billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
|
||||
quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
|
||||
external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3)
|
||||
`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe
|
||||
decompression bomb Safe Safe Safe Safe **Vulnerable**
|
||||
========================= ============== =============== ============== ============== ==============
|
||||
|
||||
1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a
|
||||
:exc:`ParserError` when an entity occurs.
|
||||
|
|
|
|||
Loading…
Reference in New Issue