** Changed in: trove
   Importance: Undecided => Wishlist

--
You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1657139

Title:
  XML Injection

Status in OpenStack Security Advisory:
  Won't Fix
Status in OpenStack DBaaS (Trove):
  New

Bug description:
  The xml.dom.minidom module is not secure against maliciously constructed data. If you need to parse untrusted or unauthenticated data see XML vulnerabilities.

  Trove code base is using xml.dom.minidom. Writing unvalidated data into an XML document can allow an attacker to change the structure and contents of the XML.

  https://github.com/openstack/trove/blob/129fac7d5374e18a428afa1b5c0259743677222e/trove/common/base_wsgi.py#L509

To manage notifications about this bug go to:
https://bugs.launchpad.net/ossa/+bug/1657139/+subscriptions
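
An added example (not part of the bug report and not Trove's code) of the write-side issue the description names: an unescaped value pasted into markup changes the document structure, while the same value written as a minidom text node is escaped on serialization. The function names, the `user`/`name`/`role` elements and the sample value are constructed for illustration; the name check is an assumed conservative policy, added because minidom does not validate element names.

```python
import re
from xml.dom import minidom

# Assumed policy: element names are plain ASCII identifiers.
_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")


def naive_xml(name):
    """Pattern to avoid: untrusted value formatted straight into markup."""
    return "<user><name>%s</name></user>" % name


def safe_xml(tag, data):
    """Serialize a flat dict under <tag>; keys are validated, values become text nodes."""
    for candidate in (tag, *data):
        # minidom's createElement accepts any string, so check names ourselves.
        if not _NAME_RE.match(candidate):
            raise ValueError("invalid element name: %r" % candidate)
    doc = minidom.Document()
    root = doc.createElement(tag)
    doc.appendChild(root)
    for key, value in data.items():
        child = doc.createElement(key)
        # Text node content has &, < and > escaped when toxml() runs.
        child.appendChild(doc.createTextNode(str(value)))
        root.appendChild(child)
    return root.toxml()


def child_tags(xml_text):
    """Element names directly under the root (used only on the local sample strings)."""
    root = minidom.parseString(xml_text).documentElement
    return [n.tagName for n in root.childNodes if n.nodeType == n.ELEMENT_NODE]


# Constructed sample: a display name that carries markup.
UNTRUSTED = "bob</name><role>admin</role><name>x"

if __name__ == "__main__":
    print(child_tags(naive_xml(UNTRUSTED)))               # extra <role> element appears
    print(child_tags(safe_xml("user", {"name": UNTRUSTED})))  # structure unchanged
```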