Langroid’s `XMLToolMessage` class processes XML input without proper safeguards, enabling XML External Entity (XXE) injection. Attackers can submit malicious XML payloads containing external entity references, leading to denial-of-service (DoS) via quadratic blowup attacks or unauthorized file access. The `lxml` parser, by default, resolves entities and loads external DTDs, allowing attackers to craft payloads like:
```xml
<!DOCTYPE bomb [
  <!ENTITY a "AAAAAAAAAA">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<bomb>&c;</bomb>
```
This exhausts memory due to exponential expansion. Additionally, XXE can read local files via `file://` URIs.
DailyCVE Form:
Platform: Langroid
Version: <0.53.4
Vulnerability: XXE Injection
Severity: High
Date: 2025-05-05
What Undercode Say:
Exploit:
1. Craft XML with nested entities for DoS:
payload = """<!DOCTYPE bomb [<!ENTITY a "A" 10>...]>"""
2. Exfiltrate files via XXE:
<!DOCTYPE leak [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
Protection:
1. Update Langroid to >=0.53.4.
2. Use `defusedxml`:
from defusedxml.lxml import fromstring
3. Secure `XMLParser` flags:
```python
from lxml.etree import XMLParser

parser = XMLParser(resolve_entities=False, no_network=True)
```
Detection:
1. Scan for `XMLToolMessage` usage.
2. Monitor memory spikes during XML parsing.
Mitigation Commands:
pip install langroid==0.53.4
Code Snippet (Secure Parsing):
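```python
from lxml import etree

# Do not substitute entity references and do not validate against a DTD.
parser = etree.XMLParser(resolve_entities=False, dtd_validation=False)
# xml_input is the untrusted XML string or bytes received by the application.
safe_xml = etree.fromstring(xml_input, parser=parser)
```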
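A stricter variant of the idea behind `defusedxml`, as an added example that is not Langroid's or defusedxml's code: refuse any input that declares a DOCTYPE or an entity before it reaches the tree builder. It uses the standard-library `expat` and `ElementTree` modules instead of `lxml` so it runs without third-party packages; the function names and sample inputs are constructed for illustration, and it assumes tool-call XML never legitimately needs a DTD.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The input declares a DOCTYPE or an entity."""


def _on_doctype(name, system_id, public_id, has_internal_subset):
    raise ForbiddenXML(f"DOCTYPE {name!r} is not allowed")


def _on_entity(name, is_param, value, base, system_id, public_id, notation):
    raise ForbiddenXML(f"entity {name!r} is not allowed")


def screen_xml(xml_text):
    """Raise ForbiddenXML as soon as a DTD or entity declaration is seen."""
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _on_doctype  # fires before any expansion
    checker.EntityDeclHandler = _on_entity
    checker.Parse(xml_text, True)


def parse_tool_xml(xml_text):
    """Screen first, then build the tree from input known to carry no DTD."""
    screen_xml(xml_text)
    return ET.fromstring(xml_text)


def classify(xml_text):
    """Return a short verdict string suitable for logging or alerting."""
    try:
        parse_tool_xml(xml_text)
        return "accepted"
    except ForbiddenXML as exc:
        return f"rejected: {exc}"
    except (expat.ExpatError, ET.ParseError):
        return "malformed"


# Constructed sample inputs: one benign tool call and the two payload shapes
# described on this page (nested entities, external file entity).
BENIGN = "<tool><request>add</request><a>2</a><b>3</b></tool>"
BOMB = ('<!DOCTYPE bomb [<!ENTITY a "AAAAAAAAAA">'
        '<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]><bomb>&b;</bomb>')
LEAK = ('<!DOCTYPE leak [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
        '<leak>&xxe;</leak>')
```

Logging the `classify` verdict for every rejected message also gives the Detection step a concrete signal to alert on, rather than relying on memory spikes alone.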
References:
Sources:
Reported By: github.com