XML External Entity Attack in Python Libraries Used by OpenStack and Django
CVE-2013-1665
Currently unrated
Summary
The XML libraries in multiple Python versions, including 2.6 to 3.4, as used within OpenStack Keystone and Django, can be exploited through an XML External Entity (XXE) attack. This vulnerability allows remote attackers to access arbitrary files on the server by crafting malicious XML payloads that exploit entity references. This may lead to information leakage and expose systems relying on these libraries to additional threats.
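One way to refuse such documents before they reach an application parser, shown as an added example that is not code from this advisory, Keystone, or Django: a pre-parse guard built on the standard library's expat handlers. The names `check_xml`, `safe_fromstring` and `ForbiddenXML` are hypothetical, and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document declares or references an entity (or a DTD, if forbidden)."""


def _on_doctype(name, system_id, public_id, has_internal_subset):
    raise ForbiddenXML(f"DTD declared: {name}")


def _on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
    # External entities carry a system identifier; internal ones carry a value.
    kind = "external" if system_id is not None else "internal"
    raise ForbiddenXML(f"{kind} entity declared: {name}")


def _on_external_ref(context, base, system_id, public_id):
    raise ForbiddenXML(f"external entity referenced: {system_id}")


def check_xml(data: bytes, forbid_dtd: bool = False) -> None:
    """Scan untrusted XML with expat; raise before any entity can be expanded."""
    parser = expat.ParserCreate()
    if forbid_dtd:
        parser.StartDoctypeDeclHandler = _on_doctype
    parser.EntityDeclHandler = _on_entity_decl
    parser.ExternalEntityRefHandler = _on_external_ref
    parser.Parse(data, True)


def safe_fromstring(data: bytes, forbid_dtd: bool = False) -> ET.Element:
    """Hypothetical wrapper: parse only documents that pass check_xml()."""
    check_xml(data, forbid_dtd)
    return ET.fromstring(data)


# Constructed sample inputs; the system identifier is a placeholder path.
BENIGN = b"<user><name>alice</name></user>"
XXE = (b'<?xml version="1.0"?>\n'
       b'<!DOCTYPE user [<!ENTITY xxe SYSTEM "file:///constructed/placeholder">]>\n'
       b"<user><name>&xxe;</name></user>")

if __name__ == "__main__":
    print(safe_fromstring(BENIGN).findtext("name"))
    try:
        safe_fromstring(XXE)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```

The guard rejects internal entity declarations as well as external ones, and `forbid_dtd=True` additionally refuses any document that carries a DOCTYPE.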
References
Timeline
Vulnerability published
Vulnerability Reserved