XML External Entity Attack in Python Libraries Used by OpenStack and Django
CVE-2013-1665

Currently unrated

Key Information:

Vendor
OpenStack
CVE Published:
3 April 2013

Summary

The XML libraries in multiple Python versions, including 2.6 to 3.4, as used within OpenStack Keystone and Django, can be exploited through an XML External Entity (XXE) attack. This vulnerability allows remote attackers to access arbitrary files on the server by crafting malicious XML payloads that exploit entity references. Consequently, this may lead to information leakage and further expose systems relying on these libraries to additional threats.
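One way to refuse such documents before any entity is resolved, shown as an added example that is not code from OpenStack, Django or the advisory: a standard-library parser wrapper that aborts on any DOCTYPE or entity declaration. The names `safe_fromstring`, `ForbiddenXML` and `is_rejected` are hypothetical, and rejecting every DTD is an assumed policy for untrusted input.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document uses a DTD or entity declaration that policy rejects."""


def _forbid(what):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise ForbiddenXML(what + " is not allowed in untrusted XML")
    return handler


def safe_fromstring(data: bytes) -> ET.Element:
    """Parse untrusted XML, refusing any DOCTYPE or entity declaration.

    Namespaces are not expanded; tags keep their raw prefixed names.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    # A DOCTYPE is where entities get declared, so reject it outright.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    parser.EntityDeclHandler = _forbid("entity declaration")
    parser.ExternalEntityRefHandler = _forbid("external entity reference")
    parser.Parse(data, True)
    return builder.close()


def is_rejected(data: bytes) -> bool:
    try:
        safe_fromstring(data)
    except ForbiddenXML:
        return True
    return False


# Constructed samples (not from the advisory); the path is a placeholder.
BENIGN = b"<user><name>alice</name></user>"
WITH_ENTITY = (b'<?xml version="1.0"?>\n'
               b'<!DOCTYPE user [<!ENTITY ext SYSTEM "file:///placeholder">]>\n'
               b"<user><name>&ext;</name></user>")

if __name__ == "__main__":
    print(safe_fromstring(BENIGN).find("name").text)
    print(is_rejected(WITH_ENTITY))
```

Malformed XML still raises `expat.ExpatError`, so callers should treat both exception types as a rejected request.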

Timeline

  • Vulnerability published

  • Vulnerability Reserved
