Skip to content
Projeler
Gruplar
Parçacıklar
Yardım
Yükleniyor...
Oturum aç / Kaydol
Gezinmeyi değiştir
C
cpython
Proje
Proje
Ayrıntılar
Etkinlik
Cycle Analytics
Depo (repository)
Depo (repository)
Dosyalar
Kayıtlar (commit)
Dallar (branch)
Etiketler
Katkıda bulunanlar
Grafik
Karşılaştır
Grafikler
Konular (issue)
0
Konular (issue)
0
Liste
Pano
Etiketler
Kilometre Taşları
Birleştirme (merge) Talepleri
0
Birleştirme (merge) Talepleri
0
CI / CD
CI / CD
İş akışları (pipeline)
İşler
Zamanlamalar
Grafikler
Paketler
Paketler
Wiki
Wiki
Parçacıklar
Parçacıklar
Üyeler
Üyeler
Collapse sidebar
Close sidebar
Etkinlik
Grafik
Grafikler
Yeni bir konu (issue) oluştur
İşler
Kayıtlar (commit)
Konu (issue) Panoları
Kenar çubuğunu aç
Batuhan Osman TASKAYA
cpython
Commits
e1478e4a
Kaydet (Commit)
e1478e4a
authored
Eki 13, 2016
tarafından
Guido van Rossum
Dosyalara gözat
Seçenekler
Dosyalara Gözat
İndir
Eposta Yamaları
Sade Fark
Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes.
üst
4a452352
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
9 additions
and
9 deletions
+9
-9
xml.rst
Doc/library/xml.rst
+9
-9
No files found.
Doc/library/xml.rst
Dosyayı görüntüle @
e1478e4a
...
@@ -60,15 +60,15 @@ circumvent firewalls.
...
@@ -60,15 +60,15 @@ circumvent firewalls.
The following table gives an overview of the known attacks and whether
The following table gives an overview of the known attacks and whether
the various modules are vulnerable to them.
the various modules are vulnerable to them.
========================= ========
========= ========= ========
=========
========================= ========
====== =============== ============== ============== =====
=========
kind sax
etree minidom pulldom
xmlrpc
kind sax
etree minidom pulldom
xmlrpc
========================= ========
========= ========= ========
=========
========================= ========
====== =============== ============== ============== =====
=========
billion laughs **
Yes** **Yes** **Yes** **Yes** **Yes
**
billion laughs **
Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable
**
quadratic blowup **
Yes** **Yes** **Yes** **Yes** **Yes
**
quadratic blowup **
Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable
**
external entity expansion **
Yes** No (1) No (2) **Yes** No
(3)
external entity expansion **
Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe
(3)
`DTD`_ retrieval **
Yes** No No **Yes** No
`DTD`_ retrieval **
Vulnerable** Safe Safe **Vulnerable** Safe
decompression bomb
No No No No **Yes
**
decompression bomb
Safe Safe Safe Safe **Vulnerable
**
========================= ========
========= ========= ========
=========
========================= ========
====== =============== ============== ============== =====
=========
1. :mod:`xml.etree.ElementTree` doesn'
t
expand
external
entities
and
raises
a
1. :mod:`xml.etree.ElementTree` doesn'
t
expand
external
entities
and
raises
a
:
exc
:`
ParserError
`
when
an
entity
occurs
.
:
exc
:`
ParserError
`
when
an
entity
occurs
.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
