The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote malicious users to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack cinder folsom - |
||
openstack keystone essex - |
||
openstack folsom - |
||
openstack grizzly - |
||
openstack compute \\(nova\\) essex - |
||
openstack compute \\(nova\\) folsom - |