Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2021-0113

Date: May 20, 2021

Overview

In 'xml4h' PyPi module, versions 0.1.0 through 1.0 are vulnerable to XML External Entity vulnerability as the function `parse()` does not restrict external entities while parsing the specially crafted XML document. Due to this flaw an attacker could read local files by defining an external entity with a file:// URI.

Details

The PyPi module 'xml4h' is vulnerable to XML External Entity vulnerability as the function `parse()` does not restrict external entities while parsing the specially crafted XML document. Due to this flaw an attacker could read local files by defining an external entity with a file:// URI.

PoC Details

The function `parse()` does not restrict external entities while parsing the XML data. By leveraging this flaw, an attacker can read an arbitrary file to retain sensitive information as shown in the POC

PoC Code

import xml4h  doc = xml4h.parse('simple.xml')  print(doc.userInfo.lastName.text)  // simple.xml content:  <!--?xml version="1.0" ?-->  <!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///c:/windows/win.ini"> ]>  <userInfo>  <firstName>John</firstName>  <lastName>&ent;</lastName>  </userInfo>

Affected Environments

0.1.0-1.0

Prevention

No fix

Language: Python

Good to know:

icon
icon

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611
icon

Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Related Resources (2)

https://github.com/jmurty/xml4h/blob/26a1dfc7c35fc19e310c2d040601caf03c490758/xml4h/impls/lxml_etree.py#L44
https://www.mend.io/vulnerability-database/WS-2021-0113