summaryrefslogtreecommitdiffstats
path: root/python/defusedxml/README
blob: 8d12cf852035d69997d412c33ba2bd3939928ebe (about) (plain) (blame)
1
2
3
4
5
6
7
8
The results of an attack on a vulnerable XML library can be fairly
dramatic. With just a few hundred Bytes of XML data an attacker
can occupy several Gigabytes of memory within seconds. An attacker
can also keep CPUs busy for a long time with a small to medium size
request. Under some circumstances it is even possible to access local
files on your server, to circumvent a firewall, or to abuse services
to rebound attacks to third parties. This library allows for XML to
be parsed in a manner that avoids these pitfalls.