xmltodict XML Injection Vulnerability in Version 0.14.2
Vulnerability
A vulnerability allowing XML injection has been identified in xmltodict version 0.14.2. This issue arises because the library directly uses dictionary keys from user input as XML tag names in the '_emit' function, without any validation or sanitization. As a result, attackers can inject arbitrary XML elements or disrupt the structure of the generated XML document by crafting specific dictionary keys.
Impact
Exploitation yields classic XML injection: because the library writes the keys into the output as tag names without validation or escaping, an attacker who controls those keys can insert arbitrary XML markup, altering the data the document carries or breaking its structure.
Reproduction
The vulnerability can be reproduced by sending a crafted dictionary to a web application that passes user-supplied keys to 'xmltodict.unparse()'. Dictionary keys containing unescaped XML tags are written into the output XML verbatim. A minimal Flask server that accepts JSON and forwards the resulting dictionary to 'xmltodict.unparse()' is sufficient to demonstrate this.
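A validation gate that applications can put in front of 'xmltodict.unparse()' until the library checks names itself. This is an added example, not xmltodict's own code; it assumes the default unparse key conventions ('@' prefix for attributes, '#text' for character data) and a conservative ASCII subset of the XML 1.0 Name production, so it rejects more than the specification strictly requires.

```python
import re

# Conservative subset of the XML 1.0 Name production (assumption: ASCII only):
# an optional namespace prefix and a local name made of letters, digits,
# underscore, hyphen and period. '<', '>', '/', quotes and whitespace can never
# appear in a tag or attribute name, so any key containing them is rejected.
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.\-]*(?::[A-Za-z_][A-Za-z0-9_.\-]*)?")


def find_unsafe_keys(node, path="$"):
    """Return (path, key) pairs for every key that cannot be an XML name.

    Walks the nested dict/list structure unparse() accepts. Keys starting
    with '@' are attribute names and are checked without the prefix; the
    '#text' key holds character data, not a name, and is skipped.
    """
    bad = []
    if isinstance(node, dict):
        for key, value in node.items():
            if not isinstance(key, str):
                bad.append((path, key))
                continue
            if key == "#text":
                continue
            name = key[1:] if key.startswith("@") else key
            if not _NAME.fullmatch(name):
                bad.append((path, key))
            bad.extend(find_unsafe_keys(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            bad.extend(find_unsafe_keys(item, f"{path}[{i}]"))
    return bad


def safe_unparse(document, **kwargs):
    """Refuse to serialize unless every key is a well-formed XML name."""
    bad = find_unsafe_keys(document)
    if bad:
        raise ValueError(f"invalid XML names, refusing to serialize: {bad}")
    import xmltodict  # imported lazily so the validator runs without it
    return xmltodict.unparse(document, **kwargs)


# Constructed sample input: a benign document plus one key carrying markup,
# the shape a JSON body would take when handed to unparse() unchecked.
CLEAN = {"root": {"user": {"@id": "7", "#text": "alice"}}}
CRAFTED = {"root": {"user": {"@id": "7", "#text": "alice"},
                    "note><extra/><note": "x"}}
```

The returned path points at the dictionary node holding the offending key, which is what a request log or error response should report rather than echoing the key back into another document.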