Hi, I would like to report an XML External Entity (XXE) vulnerability in the latest release.
Description:
XML External Entity (XXE) vulnerability in quokka/utils/atom.py (line 157) and quokka/core/content/views.py (line 94): the article title and authors fields are written into the feed XML without being filtered or escaped.
Steps To Reproduce:
1. Create an article; an XML payload can be inserted through the title and authors fields.
2. Open either of these URLs:
http://192.168.100.8:8000/author/{author}/index.rss
http://192.168.100.8:8000/author/{author}/index.atom
The injected title and authors are emitted verbatim inside the XML.
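To make the reported behaviour concrete, here is an added example (not Quokka's code and not the reporter's): a minimal Atom feed builder that interpolates a user-supplied title and author name into the XML unescaped, next to a version that builds the feed with ElementTree so the same values are escaped. The namespace, the sample payloads and the helper names are assumptions made for this illustration; they do not come from the report.

```python
"""Added example, not Quokka's own code: a minimal Atom feed builder
showing the difference between dropping a user-supplied title and
author name into the feed text unescaped (the pattern the report
describes) and building the feed with ElementTree, which escapes them.
"""
import xml.etree.ElementTree as ET

ATOM_NS = "http://www.w3.org/2005/Atom"

# Constructed sample input (assumption): field values containing XML
# markup, as an author could submit through the article form. The
# title payload closes <title>, adds a <link> and reopens <title>; the
# author payload does the same with <name> and <uri>.
INJECTED_TITLE = 'Hello</title><link href="http://attacker.example/"/><title>'
INJECTED_AUTHOR = 'mallory</name><uri>http://attacker.example/</uri><name>'


def build_feed_unescaped(title, author):
    """Vulnerable pattern: values are dropped straight into the feed text,
    so any markup they contain becomes part of the document structure."""
    return (
        f'<feed xmlns="{ATOM_NS}">'
        f'<entry><title>{title}</title>'
        f'<author><name>{author}</name></author></entry>'
        '</feed>'
    )


def build_feed_escaped(title, author):
    """Hardened form: ElementTree escapes <, > and & when serialising
    text nodes, so the payload stays text instead of becoming elements."""
    feed = ET.Element("feed", xmlns=ATOM_NS)
    entry = ET.SubElement(feed, "entry")
    ET.SubElement(entry, "title").text = title
    author_el = ET.SubElement(entry, "author")
    ET.SubElement(author_el, "name").text = author
    return ET.tostring(feed, encoding="unicode")


def feed_structure(feed_xml):
    """Check from the consumer's side: parse the feed as a reader would
    and count the elements the injected markup would create."""
    root = ET.fromstring(feed_xml)
    return {
        "titles": len(root.findall(f".//{{{ATOM_NS}}}title")),
        "links": len(root.findall(f".//{{{ATOM_NS}}}link")),
        "uris": len(root.findall(f".//{{{ATOM_NS}}}uri")),
    }


def first_title_text(feed_xml):
    """Text of the first <title> as a feed reader would see it."""
    root = ET.fromstring(feed_xml)
    return root.find(f".//{{{ATOM_NS}}}title").text


if __name__ == "__main__":
    bad = build_feed_unescaped(INJECTED_TITLE, INJECTED_AUTHOR)
    good = build_feed_escaped(INJECTED_TITLE, INJECTED_AUTHOR)
    print("unescaped:", feed_structure(bad))
    print("escaped:  ", feed_structure(good))
    print("escaped title round-trips:", first_title_text(good) == INJECTED_TITLE)
```

With the unescaped builder the feed parses cleanly but now carries an attacker-controlled link element and a second uri, which a feed reader will follow or render; with the escaped builder the same input parses back to a single title whose text is exactly the submitted string. The check to apply to the real feed endpoints is the same: submit a title containing markup, fetch index.rss and index.atom, and parse the response to see whether the markup became elements or stayed text.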
Reported by jin.dong@dbappsecurity.com.cn