PT-2013-3303 · Python+2
Jonathan Murray · Published 2013-04-03 · Updated 2022-05-17
CVE-2013-1665
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Python versions 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6
Description
The issue allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, also known as an XML External Entity (XXE) attack. This affects products using the XML libraries for Python, including OpenStack Keystone Essex and Folsom, and Django.
Recommendations
For Python versions 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, consider disabling XML external entity processing to prevent XXE attacks until a patch is available.
Restrict access to sensitive files and directories to minimize the risk of exploitation.
Avoid using XML libraries that do not properly validate external entity declarations.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
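A hardened parse routine in the spirit of the first recommendation, added here as an example and not code from the advisory or from Python itself: it pre-scans the DTD with expat and refuses any SYSTEM/PUBLIC entity declaration, then parses with xml.sax with external general and parameter entity processing switched off. The sample documents, including the file path inside the refused one, are constructed placeholders.

```python
import io
import xml.parsers.expat as expat
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Constructed sample documents (not from the advisory); the file path is a placeholder.
BENIGN_DOC = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY greet "hello">]><r>&greet;</r>'
XXE_DOC = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY xxe SYSTEM '
           b'"file:///placeholder/secret.txt">]><r>&xxe;</r>')

class ExternalEntityError(ValueError):
    """The document declares an entity whose body would be read from a file or URL."""

def reject_external_entities(data: bytes) -> None:
    """Pre-scan the DTD with expat; refuse SYSTEM/PUBLIC entities, let internal ones pass."""
    parser = expat.ParserCreate()

    def entity_decl(name, is_pe, value, base, system_id, public_id, notation):
        if system_id is not None:  # a SYSTEM or PUBLIC identifier means external content
            raise ExternalEntityError(f"external entity {name!r} -> {system_id!r} refused")

    parser.EntityDeclHandler = entity_decl
    parser.Parse(data, True)  # an exception raised inside the handler propagates here

def is_free_of_external_entities(data: bytes) -> bool:
    try:
        reject_external_entities(data)
    except ExternalEntityError:
        return False
    return True

class _TextCollector(ContentHandler):
    def startDocument(self):
        self.parts = []  # reset per parse so the collector can be reused

    def characters(self, content):
        self.parts.append(content)

def parse_text_hardened(data: bytes) -> str:
    """Refuse external entity declarations, then parse with entity loading disabled."""
    reject_external_entities(data)
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # never load SYSTEM entity bodies
    parser.setFeature(feature_external_pes, False)  # never fetch external DTD subsets
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return "".join(handler.parts)
```

The pre-scan is the detection step (log and drop the document); the two setFeature calls are the mitigation, and are worth setting explicitly even on interpreters where external general entity processing is already off by default.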
Information Disclosure
XXE
Related Identifiers
Affected Products
Django
Openstack Keystone
Python