defusedxml: defusedxml (XML bomb protection for Python stdlib modules)
defusedxml:
defusedxml: The results of an attack on a vulnerable XML library can be fairly
defusedxml: dramatic.  With just a few hundred Bytes of XML data an attacker can
defusedxml: occupy several Gigabytes of memory within seconds.  An attacker can
defusedxml: also keep CPUs busy for a long time with a small to medium size
defusedxml: request.  Under some circumstances it is even possible to access local
defusedxml: files on your server, to circumvent a firewall, or to abuse services
defusedxml: to rebound attacks to third parties.  This library allows for XML to
defusedxml: be parsed in a manner that avoids these pitfalls.
defusedxml: