2 matches found
EUVD-2022-3302
Malicious code in bioql PyPI...
XML Entity Expansion vulnerability in Sitemap parser
Description: There is an XML entity expansion (billion laughs) vulnerability in the sitemap parser. When accessing a malicious Sitemap XML, this results in a Denial of Service.
Vulnerable class:
import urllib.request
import xml.etree.ElementTree as ET
from typing import List
from...