diff options
| author | Shai Berger <shai@platonix.com> | 2025-10-11 21:42:56 +0300 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2025-12-02 09:27:50 -0300 |
| commit | 99e7d22f55497278d0bcb2e15e72ef532e62a31d (patch) | |
| tree | d4749dee8c162590ea5a5a7e0cd118bcb4f22a24 /docs/topics | |
| parent | 479415ce5249bcdebeb6570c72df2a87f45a7bbf (diff) | |
[5.2.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation in XML serializer.
Previously, `getInnerText()` recursively used `list.extend()` on strings,
which added each character from child nodes as a separate list element.
On deeply nested XML content, this caused the overall deserialization
work to grow quadratically with input size, potentially allowing
disproportionate CPU consumption for crafted XML.
The fix separates collection of inner texts from joining them, so that
each subtree is joined only once, reducing the complexity to linear in
the size of the input. These changes also include a mitigation for a
xml.dom.minidom performance issue.
Thanks Seokchan Yoon (https://ch4n3.kr/) for report.
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 50efb718b31333051bc2dcb06911b8fa1358c98c from main.
Diffstat (limited to 'docs/topics')
| -rw-r--r-- | docs/topics/serialization.txt | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/topics/serialization.txt b/docs/topics/serialization.txt index 1e573e6e1d..e9523e2ac1 100644 --- a/docs/topics/serialization.txt +++ b/docs/topics/serialization.txt @@ -173,6 +173,8 @@ Identifier Information .. _jsonl: https://jsonlines.org/ .. _PyYAML: https://pyyaml.org/ +.. _serialization-formats-xml: + XML --- |