XML Injection
Bug #1657139 reported by
Shaik Apsar
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack DBaaS (Trove) |
New
|
Wishlist
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
The xml.dom.minidom module is not secure against maliciously constructed data. If you need to parse untrusted or unauthenticated data see XML vulnerabilities.
Trove code base is using xml.dom.minidom.
Writing unvalidated data into an XML document can allow an attacker to change the structure and contents of the XML.
description: | updated |
information type: | Private Security → Public |
tags: | added: security |
Changed in ossa: | |
status: | Incomplete → Won't Fix |
Changed in trove: | |
importance: | Undecided → Wishlist |
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.