You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 1, 2020. It is now read-only.
Hi, I would like to report XML External Entity (XXE) vulnerability in latest release.
Description:
XML External Entity (XXE) vulnerability in quokka/utils/atom.py 157 line and auokka/core/content/views.py 94 line, Because there is no filter authors, title.
Steps To Reproduce:
1.Create a article, title and authors can insert XML payload.
2.Open the url: http://192.168.100.8:8000/author/{author}/index.rss http://192.168.100.8:8000/author/{author}/index.atom
can see the title and authors has inserted into the XML.
Hi, I would like to report XML External Entity (XXE) vulnerability in latest release.
Description:
XML External Entity (XXE) vulnerability in quokka/utils/atom.py 157 line and auokka/core/content/views.py 94 line, Because there is no filter authors, title.
Steps To Reproduce:
1.Create a article, title and authors can insert XML payload.
2.Open the url:
http://192.168.100.8:8000/author/{author}/index.rss
http://192.168.100.8:8000/author/{author}/index.atom
can see the title and authors has inserted into the XML.
author by [email protected]
The text was updated successfully, but these errors were encountered: