Lucene search
Veracode Vulnerability DatabaseVERACODE:22391HistoryJan 29, 2020 - 2:27 a.m.
XML Entity Expansion
2020-01-2902:27:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
EPSS
0.003
Percentile
68.5%
feedgen is vulnerable to XML entity expansion. The library allows parsing of XML content into existing XML tree, which would allow an attacker to perform an XML bomb attack resulting in excessive resource consumption leading to an application crash.
References
docs.microsoft.com/en-us/archive/msdn-magazine/2009/november/xml-denial-of-service-attacks-and-defenses
github.com/advisories/GHSA-g8q7-xv52-hf9f
github.com/lkiesow/python-feedgen/commit/f57a01b20fa4aaaeccfa417f28e66b4084b9d0cf
github.com/lkiesow/python-feedgen/security/advisories/GHSA-g8q7-xv52-hf9f
lists.fedoraproject.org/archives/list/[email protected]/message/T6I5ENUYGFNMIH6ZQ62FZ6VU2WD3SIOI/
Related
github
github
Feedgen Vulnerable to XML Denial of Service Attacks
2020-01-28 22:37:50
fedora
fedora
[SECURITY] Fedora 31 Update: python-feedgen-0.9.0-1.fc31
2020-02-08 02:04:43
nessus
nessus
Fedora 31 : python-feedgen (2020-8493201e90)
2020-02-10 00:00:00
osv
osv
CVE-2020-5227
2020-01-28 23:15:12
PYSEC-2020-231
2020-01-28 23:15:00
Feedgen Vulnerable to XML Denial of Service Attacks
2020-01-28 22:37:50
prion
prion
Design/Logic Flaw
2020-01-28 23:15:00
cvelist
cvelist
CVE-2020-5227 Feedgen Vulnerable to XML Denial of Service Attacks
2020-01-28 22:40:14
nvd
nvd
CVE-2020-5227
2020-01-28 23:15:12
openvas
openvas
Fedora: Security Advisory for python-feedgen (FEDORA-2020-8493201e90)
2020-02-08 00:00:00
cve
cve
CVE-2020-5227
2020-01-28 23:15:12