On Thu, 21 Feb 2013 06:05:52 -0500,
Jesse Noller <jnoller at gmail.com> wrote:
> On Feb 21, 2013, at 5:32 AM, Antoine Pitrou <solipsis at pitrou.net>
> wrote:
>
> > On Thu, 21 Feb 2013 11:18:35 +0100,
> > Christian Heimes <christian at python.org> wrote:
> >> On 21.02.2013 08:42, Antoine Pitrou wrote:
> >>> Sure, but in many instances, rebooting a machine is not
> >>> business-threatening. You will have a couple of minutes' downtime
> >>> and that's all. Which is why the attack must be repeated many
> >>> times to be a major annoyance.
> >>
> >> Is this business-threatening enough?
> >>
> >> https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote
> >
> > You haven't proved that these were actual threats, nor how they
> > actually worked. I'm gonna remain skeptical if there isn't anything
> > more precise than "It highly depends on the parser and the
> > application what kind of exploit is possible".
> >
> > Regards
> >
> > Antoine.
> >
>
> I guess someone needs to write a proof of concept exploit for you and
> release it into the wild.

I don't know whether you are trying to be ironic but, for the record,
proof of concepts needn't be "released into the wild" as long as they
exist.

Regards

Antoine.