CVE-2020-18705

描述

XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.

受影響套件(2)

• PyPI/quokkafrom 0, <= 0.4.0
• PyPI/quokkafrom 0

CVSS 分數

參考連結(6)

• ADVISORYhttps://github.com/advisories/GHSA-4q2r-qxp6-h5j6
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-18705
• PATCHhttps://github.com/rochacbruno/quokka
• WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/quokka/PYSEC-2021-145.yaml
• WEBhttps://github.com/quokkaproject/quokka/pull/679
• WEBhttps://github.com/rochacbruno/quokka/issues/676