This repository has been archived by the owner on Oct 1, 2020. It is now read-only.
XML External Entity (XXE) Vulnerability in Latest Release #676
Comments
|
was removed WIP from pr and fixed this issue: |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi, I would like to report XML External Entity (XXE) vulnerability in latest release.
Description:
XML External Entity (XXE) vulnerability in quokka/utils/atom.py 157 line and auokka/core/content/views.py 94 line, Because there is no filter authors, title.
Steps To Reproduce:
1.Create a article, title and authors can insert XML payload.
2.Open the url:
http://192.168.100.8:8000/author/{author}/index.rss
http://192.168.100.8:8000/author/{author}/index.atom
can see the title and authors has inserted into the XML.
author by [email protected]
The text was updated successfully, but these errors were encountered: