[Openstack-security] [Bug 1732155] Re: bandit report: use defusedxml to avoid XML attack

OpenStack Infra 1732155 at bugs.launchpad.net
Tue Feb 27 13:25:35 UTC 2018 

** Changed in: cinder
     Assignee: Jane Lee (lijing) => Eric Harney (eharney)

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1732155

Title:
  bandit report: use defusedxml to avoid XML attack

Status in Cinder:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  According to
  https://docs.openstack.org/bandit/latest/api/bandit.blacklists.html

  Using various XLM methods to parse untrusted XML data is known to be
  vulnerable to XML attacks. Methods should be replaced with their
  defusedxml equivalents.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1732155/+subscriptions

More information about the Openstack-security mailing list