Moderate severity · NVD Advisory · Published Apr 3, 2013 · Updated Jun 16, 2026
CVE-2013-1664
Description
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.3.0, < 1.3.6 | 1.3.6 |
| Django (PyPI) | >= 1.4.0, < 1.4.4 | 1.4.4 |
Affected products (7)
- cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
References (14)
- bugs.launchpad.net/nova/+bug/1100282 [nvd; Exploit; WEB]
- lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html [nvd; Vendor Advisory; WEB]
- github.com/advisories/GHSA-qrh7-x6fp-c2mp [ghsa; ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2013-1664 [ghsa; ADVISORY]
- blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html [nvd; WEB]
- bugs.python.org/issue17239 [nvd; WEB]
- rhn.redhat.com/errata/RHSA-2013-0657.html [nvd; WEB]
- rhn.redhat.com/errata/RHSA-2013-0658.html [nvd; WEB]
- rhn.redhat.com/errata/RHSA-2013-0670.html [nvd; WEB]
- ubuntu.com/usn/usn-1757-1 [nvd; WEB]
- www.openwall.com/lists/oss-security/2013/02/19/2 [nvd; WEB]
- www.openwall.com/lists/oss-security/2013/02/19/4 [nvd; WEB]
- github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40 [ghsa; WEB]
- github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112 [ghsa; WEB]