Open
Description
In the file https://github.com/chaoss/grimoirelab-perceval/blob/master/perceval/utils.py
you should not be using xml.etree.ElementTree, see:
- https://stackoverflow.com/questions/47104413/why-is-xml-etree-elementtree-considered-insecure
- https://docs.python.org/3/library/xml.html#xml-vulnerabilities
you can get these vulnerabilities:
- CVE-2022-25235
- CVE-2022-22822
- CVE-2022-22824
- CVE-2022-23852
- CVE-2022-25236
- CVE-2022-22823
- CVE-2022-25315
- CVE-2022-23990
- CVE-2022-23219
- CVE-2022-23218
- CVE-2019-25013
- CVE-2021-33574
- CVE-2013-7445
- CVE-2021-38300
- CVE-2021-3752
- CVE-2021-3520
- CVE-2021-3737
The correct way to go is to use the defusedxml package.
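The kind of input the reporter is warning about, as an added example that is not part of this issue or of grimoirelab-perceval's code: a small DTD-declared entity document that plain `xml.etree.ElementTree` expands without complaint, next to a stdlib-only parser that refuses it with the policy defusedxml applies (assumed here to match defusedxml's defaults: `forbid_dtd=False`, `forbid_entities=True`, `forbid_external=True`). The names `DefusedStyleParser`, `safe_fromstring`, `rejects` and the three sample documents are constructed for this example; in the real fix you would simply import `defusedxml.ElementTree` instead of building the parser yourself.

```python
"""Added example, not code from grimoirelab-perceval: shows that
xml.etree.ElementTree expands DTD-declared entities, and builds a stdlib-only
parser that refuses them with the same policy defusedxml applies by default
(assumption: forbid_dtd=False, forbid_entities=True, forbid_external=True).
In the real fix you would simply use defusedxml.ElementTree."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Document contains a DTD, entity declaration or external entity reference."""


class DefusedStyleParser:
    """Stand-in for defusedxml's DefusedXMLParser (hypothetical name, same idea).

    expat is driven directly so that the DTD/entity callbacks are reachable;
    the accelerated stdlib ET.XMLParser does not expose its expat object.
    Events are fed to an ElementTree.TreeBuilder, so the result is an
    ordinary Element.
    """

    def __init__(self, forbid_dtd=False, forbid_entities=True, forbid_external=True):
        self._builder = ET.TreeBuilder()
        p = expat.ParserCreate()
        p.StartElementHandler = self._builder.start
        p.EndElementHandler = self._builder.end
        p.CharacterDataHandler = self._builder.data
        if forbid_dtd:
            p.StartDoctypeDeclHandler = self._reject("DOCTYPE declarations are forbidden")
        if forbid_entities:
            # Fires for every <!ENTITY ...> in the internal subset, internal or
            # external, before any reference to it is expanded.
            p.EntityDeclHandler = self._reject("entity declarations are forbidden")
            p.UnparsedEntityDeclHandler = self._reject("unparsed entity declarations are forbidden")
        if forbid_external:
            # Fires when a SYSTEM/PUBLIC entity is referenced in content.
            p.ExternalEntityRefHandler = self._reject("external entity references are forbidden")
        self._parser = p

    @staticmethod
    def _reject(message):
        def handler(*_args):
            raise ForbiddenXML(message)
        return handler

    def parse(self, data):
        self._parser.Parse(data, True)  # isfinal=True: whole document in one call
        return self._builder.close()


def safe_fromstring(data, **policy):
    """Drop-in for ET.fromstring that applies the defusedxml-style policy."""
    return DefusedStyleParser(**policy).parse(data)


def rejects(data, **policy):
    """True if the hardened parser refuses the document, False if it parses."""
    try:
        safe_fromstring(data, **policy)
    except ForbiddenXML:
        return True
    return False


def stdlib_text(data):
    """What plain xml.etree.ElementTree produces as the root element's text."""
    return ET.fromstring(data).text


# Constructed inputs. ENTITY_DOC is a three-level, 100x version of the
# "billion laughs" pattern, kept tiny so the demo itself is harmless.
ENTITY_DOC = """<?xml version="1.0"?>
<!DOCTYPE payload [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<payload>&lol2;</payload>"""

XXE_DOC = """<?xml version="1.0"?>
<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<d>&xxe;</d>"""

CLEAN_DOC = '<?xml version="1.0"?><bugs><bug id="42">Parser leaks memory</bug></bugs>'


if __name__ == "__main__":
    # Plain stdlib parser happily expands the entities: 300 characters of "lol".
    print("stdlib expanded to", len(stdlib_text(ENTITY_DOC)), "characters")
    for name, doc in ("ENTITY_DOC", ENTITY_DOC), ("XXE_DOC", XXE_DOC), ("CLEAN_DOC", CLEAN_DOC):
        print(name, "rejected" if rejects(doc) else "parsed")
```

The 100x document stays well under the amplification threshold at which recent Expat releases start refusing expansion on their own, which is exactly why relying on the library's built-in limits is not enough: the application never sees a DTD it did not ask for until the parser refuses it outright, and defusedxml's policy does that at the first `<!ENTITY` declaration rather than after the expansion has happened.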
Metadata
Labels
No labels