
Stuart Stent

#36341 of 53,634
7.5 CVSS total
Vulnerabilities · 1
PT-2013-1219
7.5
2013-04-03
Gnome · Libxml2 · CVE-2013-1664
**Name of the Vulnerable Software and Affected Versions**

Python versions 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6

libxml2 versions prior to 2.9.1-r1

**Description**

The issue allows remote attackers to cause a denial of service, resulting in resource consumption and crash, via an XML Entity Expansion (XEE) attack. This can lead to disruption of confidentiality, integrity, and availability of protected information. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

**Recommendations**

For Python versions 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, consider disabling the XML libraries as a temporary workaround until a patch is available.

For libxml2 versions prior to 2.9.1-r1, update to version 2.9.1-r1 or later to resolve the issue.

As a general mitigation measure, restrict access to the XML libraries to minimize the risk of exploitation.