-
python-defusedxml-0.4.1-1.lbn19.noarch
The results of an attack on a vulnerable XML library can be fairly dramatic. With just a few hundred bytes of XML data, an attacker can occupy several gigabytes of memory within seconds. An attacker can also keep CPUs busy for a long time with a small to medium-sized request. Under some circumstances it is even possible to access local files on your server, to circumvent a firewall, or to abuse services to rebound attacks to third parties.
The attacks use and abuse less common features of XML and its parsers. The majority of developers are unacquainted with features such as processing instructions and entity expansions that XML inherited from SGML. At best they know about <!DOCTYPE> from experience with HTML, but they are not aware that a document type definition (DTD) can generate an HTTP request or load a file from the file system.
None of the issues is new. They have been known for a long time. Billion laughs was first reported in 2003. Nevertheless, some XML libraries and applications are still vulnerable, and even heavy users of XML are surprised by these features. It’s hard to say whom to blame for the situation. It’s too short-sighted to shift all the blame onto XML parsers and XML libraries for using insecure default settings. After all, they properly implement the XML specifications. Application developers must not rely on a library always being configured for security against potentially harmful data by default.
Located in LBN / … / Cloud Computing / BastionLinux 19
-
python-designate-2.0.0-1.lbn19.noarch
Designate is an OpenStack inspired DNSaaS.
This package contains the Designate Python library.
-
python-designateclient-2.0.0-1.lbn19.noarch
Client library and command line utility for interacting with the OpenStack Designate API.
-
python-django-babel-underscore-0.1.0-1.lbn19.noarch
Implements an underscore extractor for django-babel.
-
python-django-celery-3.1.16-1.lbn19.noarch
Old django celery integration project.
-
python-django-compressor-1.3-1.fc19.noarch
Django Compressor combines and compresses linked and inline JavaScript
or CSS in a Django template into cacheable static files by using the
``compress`` template tag. HTML in between
``{% compress js/css %}`` and ``{% endcompress %}`` is
parsed and searched for CSS or JS. These styles and scripts are subsequently
processed with optional, configurable compilers and filters.
-
python-django-cors-headers-0.13-1.lbn19.noarch
django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS).
-
python-django-countries-3.3-1.lbn19.noarch
Provides a country field for Django models.
-
python-django-discover-runner-1.0-3.lbn19.noarch
An alternative Django TEST_RUNNER which uses the unittest2 test discovery
from a base path specified in the settings, or any other module or package
specified to the test management command -- including app tests.
-
python-django-extensions-1.2.5-1.lbn19.noarch
Extensions for Django