#1012482 rdflib: URLInputSource can be abused to retrieve arbitrary documents if used naïvely

Package: src:rdflib
Source: rdflib
Submitter: Andrius Merkys
Date: 2022-06-08 06:03:04 UTC
Severity: critical

#1012482#5
Date: 2022-06-08 05:59:13 UTC
Hello,

rdflib will attempt to resolve any URL in @context in POSTed JSON-LD
messages, leading to various probing and DDoS vectors, see the upstream
discussion [1].

[1] https://github.com/RDFLib/rdflib/issues/1844

Andrius
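
A service that accepts POSTed JSON-LD can refuse documents whose `@context` would make the parser fetch a URL it does not already trust, before the text reaches the parser. The following is an added example, not part of the original report and not rdflib code; the allowlist contents and the names `ALLOWED_CONTEXTS`, `remote_context_refs` and `check_jsonld` are hypothetical, and the sample URLs are constructed.

```python
import json

# Constructed allowlist: context URLs this hypothetical service chooses to trust.
ALLOWED_CONTEXTS = frozenset({"https://www.w3.org/ns/activitystreams"})


class RemoteContextError(ValueError):
    """Raised when a document references a context URL outside the allowlist."""


def remote_context_refs(node):
    """Yield every string-valued @context / @import reference in a JSON-LD tree.

    A string in that position is a URL a JSON-LD processor would dereference.
    A dict is an inline context: nothing is fetched for it, but it is still
    descended into because it may hold scoped contexts or @import (JSON-LD 1.1).
    """
    if isinstance(node, list):
        for item in node:
            yield from remote_context_refs(item)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key in ("@context", "@import"):
                refs = value if isinstance(value, list) else [value]
                for ref in refs:
                    if isinstance(ref, str):
                        yield ref
            # Recurse into every value: contexts can appear at any depth.
            yield from remote_context_refs(value)


def check_jsonld(raw, allowed=ALLOWED_CONTEXTS):
    """Parse untrusted JSON-LD text and return it only if no remote context
    outside the allowlist is referenced; otherwise raise RemoteContextError."""
    doc = json.loads(raw)
    bad = sorted({ref for ref in remote_context_refs(doc) if ref not in allowed})
    if bad:
        raise RemoteContextError(f"untrusted remote context(s): {bad}")
    return doc
```

Matching is exact string comparison against the allowlist, so any variation of a trusted URL is rejected rather than normalised.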