The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
[1.4.x] Restrict the XML deserializer to prevent network and entity-expansion DoS attacks.
This is a security fix. Disclosure and advisory coming shortly.
by
Lawrence the Dove 2013-02-12 04:54:53 UTC
commit 1c60d07ba23e0350351c278ad28d0bd5aa410b40
Django
Fix
CVE-2013-1664
Fix
CVE-2013-1665
django/core/serializers/xml_serializer.py
+1
-94
tests/regressiontests/serializers_regress/tests.py
-14
expand_less
The Vulnerability History Project