The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
Vulnerable Product |
---|
openstack folsom - |
openstack keystone essex - |
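
One defensive pattern for the issue described above, as an added example that is not code from the advisory or from the affected projects: pre-scan untrusted XML with expat and refuse any document that declares a DTD or an entity before it reaches the application's parser. The names `parse_untrusted`, `rejection_reason`, `ForbiddenXML` and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document uses a construct this parsing policy refuses."""


def _refuse(kind):
    # Build an expat callback that aborts the parse when `kind` is seen.
    def handler(name, *rest):
        raise ForbiddenXML(f"{kind} {name!r} is not allowed")
    return handler


def parse_untrusted(data: bytes, allow_dtd: bool = False) -> ET.Element:
    """Parse untrusted XML; entity declarations are always refused."""
    scanner = expat.ParserCreate()
    if not allow_dtd:
        scanner.StartDoctypeDeclHandler = _refuse("DOCTYPE")
    scanner.EntityDeclHandler = _refuse("entity declaration")
    scanner.ExternalEntityRefHandler = _refuse("external entity reference")
    # Pre-scan only: the handlers raise before anything is resolved.
    # Malformed input surfaces as expat.ExpatError.
    scanner.Parse(data, True)
    return ET.fromstring(data)  # reached only for accepted documents


def rejection_reason(data: bytes, allow_dtd: bool = False):
    """Return the refusal message, or None if the document is accepted."""
    try:
        parse_untrusted(data, allow_dtd)
    except ForbiddenXML as exc:
        return str(exc)
    return None


# Constructed sample inputs (not taken from the advisory).
PLAIN = b"<user><name>alice</name></user>"
DTD_ONLY = b"<!DOCTYPE user [<!ELEMENT user (#PCDATA)>]><user>alice</user>"
EXTERNAL_ENTITY = (b'<!DOCTYPE user [<!ENTITY ext SYSTEM '
                   b'"file:///constructed/placeholder">]><user>&ext;</user>')

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("dtd", DTD_ONLY),
                       ("external entity", EXTERNAL_ENTITY)]:
        print(label, "->", rejection_reason(doc) or "accepted")
```

With `allow_dtd=True` a bare DOCTYPE is tolerated for documents that need one, while entity declarations are still refused.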