Closed MrLion9 closed 4 years ago
It would be nice to put a link like this with your description, if this is what you mean... https://en.wikipedia.org/wiki/XML_external_entity_attack
Yes, that’s what I meant )
Hello @deeplook, will you fix the issue?
Hello @averonesis, will you suggest a patch?
@MrLion9, could you have a look at the patch, please?
@claudep yep, looks good, thank you!
I guess you approved through emojis :smile: I'm reopening, because closing should be done when the patch is merged.
I believe that CVE-2020-10799 was assigned to this issue :)
I pushed both a 0.9.4 release to have a Python 2 compatible release with the fix and a 1.0.0 release which is now Python 2 free.
Hi! I found that I can perform an XXE attack (https://en.wikipedia.org/wiki/XML_external_entity_attack) when using the svg2rlg function
Code:
Payload (test.svg)
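
A defensive pre-check for the XXE issue reported above, as an added example: it is not the reporter's code or payload, and not the project's patch. It flags SVG input that declares entities before the file is handed to a converter such as svg2rlg. The function names `dtd_findings` and `is_safe_for_conversion` are hypothetical, and both sample documents are constructed.

```python
from xml.parsers import expat

# Constructed sample inputs (not taken from the issue).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><text>hello</text></svg>'
SUSPECT_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///PLACEHOLDER"> ]>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'
)


def dtd_findings(svg_bytes):
    """Return a list describing DTD features found in the document.

    expat only reports declarations through these callbacks; without an
    ExternalEntityRefHandler it never opens the referenced resource.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if has_internal_subset:
            findings.append("doctype with internal subset")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id is not None else "internal"
        findings.append(f"{kind} entity {name!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(svg_bytes, True)  # raises ExpatError if not well-formed
    return findings


def is_safe_for_conversion(svg_bytes):
    """True only for well-formed XML that declares no entities."""
    try:
        return not dtd_findings(svg_bytes)
    except expat.ExpatError:
        return False


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, is_safe_for_conversion(doc), dtd_findings(doc))
```

A plain `<!DOCTYPE svg PUBLIC ...>` line without an internal subset produces no findings, so ordinary SVG exports still pass the check.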