Crash: xml.etree.ElementTree.Element.find* with an evil tag's str.__eq__
#126037
Labels:
3.12: bugs and security fixes
3.13: bugs and security fixes
3.14: new features, bugs and security fixes
extension-modules: C modules in the Modules dir
topic-XML
type-crash: a hard crash of the interpreter, possibly with a core dump
Crash report
What happened?
Similar to #126033, the following crashes:
Attacked code:
cpython/Modules/_elementtree.c, lines 1264 to 1275 (commit dc76a4a)
The findall and findtext methods also suffer from the same vulnerability. I haven't tried to attack Element.iterfind yet since it delegates to the Python function ElementPath.iterfind instead.

CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Output from running 'python -VV' on the command line:
No response
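The reporter's crashing snippet is not reproduced on this page. The following is an added example, written for this page and not the reporter's code or CPython's: it reconstructs the pattern the title describes (a str subclass used as a child's tag whose __eq__ mutates the tree while Element.find, findall or findtext are walking the C-side children array), runs it in a child interpreter so a segfault cannot take down the caller, and reports whether the running CPython is affected. That calling root.clear() from inside __eq__ is a sufficient mutation, and the names probe and probe_all, are this example's assumptions; the sample tree is constructed.

```python
import subprocess
import sys

# Constructed reproducer, run in a child interpreter.  ASSUMPTION: clearing the
# parent element from inside the tag's __eq__ is enough to free the C-side
# children array that Element.find/findall/findtext are iterating.
REPRODUCER = r'''
import sys
import xml.etree.ElementTree as ET

class EvilTag(str):
    """str subclass whose __eq__ mutates the tree that is being searched."""
    __hash__ = str.__hash__

    def __eq__(self, other):
        root.clear()      # frees root's children while find*() walks them
        return False      # keep the C loop going to the next (freed) slot

root = ET.Element("root")
for _ in range(8):        # several children so the loop continues after the clear
    root.append(ET.Element(EvilTag("child")))

method = sys.argv[1]
getattr(root, method)("child")   # plain tag: takes the C fast path, not ElementPath
print("survived")
'''


def probe(method="find"):
    """Run the reproducer against Element.<method> and classify the outcome.

    Returns a dict with the child's return code, an outcome of "crash",
    "exception" or "ok", and affected=True only for a hard crash.
    """
    proc = subprocess.run(
        [sys.executable, "-X", "faulthandler", "-c", REPRODUCER, method],
        capture_output=True, text=True, timeout=60,
    )
    if proc.returncode < 0 or "Fatal Python error" in proc.stderr:
        outcome = "crash"        # killed by a signal, or faulthandler report
    elif proc.returncode == 0:
        outcome = "ok"           # patched interpreter: find*() returned normally
    else:
        outcome = "exception"    # clean Python exception, not a crash
    return {
        "method": method,
        "returncode": proc.returncode,
        "outcome": outcome,
        "affected": outcome == "crash",
        "stderr_tail": proc.stderr[-300:],
    }


def probe_all(methods=("find", "findall", "findtext")):
    """Probe every find* method the report names; maps method -> outcome."""
    return {m: probe(m)["outcome"] for m in methods}


if __name__ == "__main__":
    for name, outcome in probe_all().items():
        print(f"{sys.version.split()[0]} Element.{name}: {outcome}")
```

On an unpatched interpreter the child dies with a segmentation fault (faulthandler prints the C-level location) and the probe reports "crash"; a fixed interpreter returns from find*() with the cleared tree and reports "ok". Running the reproducer in a subprocess is deliberate: the whole point of the report is that the comparison re-enters Python code while _elementtree.c is holding a raw pointer into the children array, so the parent process must never execute the comparison itself.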