Switch to defusedxml for xml parsing
xml.etree.ElementTree.fromstring is considered insecure, see:
https://docs.python.org/3/library/xml.etree.elementtree.html

The defusedxml package contains several Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries:
https://github.com/tiran/defusedxml

Fixes #670

pull/691/head
parent f7e3650728
commit 2a0ad8796c