bandit report: use defusedxml to avoid XML attack
Bug #1732155 reported by
Jane Lee
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Won't Fix
|
Wishlist
|
Eric Harney | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
According to https:/
Using various XLM methods to parse untrusted XML data is known to be vulnerable to XML attacks. Methods should be replaced with their defusedxml equivalents.
Changed in cinder: | |
assignee: | nobody → Jane Lee (lijing) |
summary: |
- bandit report: use defusedxml to avoid XML attach + bandit report: use defusedxml to avoid XML attack |
Changed in cinder: | |
importance: | Undecided → Wishlist |
Changed in cinder: | |
assignee: | Sean McGinnis (sean-mcginnis) → Jane Lee (lijing) |
Changed in cinder: | |
assignee: | Jane Lee (lijing) → Eric Harney (eharney) |
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
What's the affected code?