CVE-2013-4202
OpenStack Cinder (Grizzly, 2013.1.3 and earlier) backs up (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE) leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...