PYSEC-2021-145

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/quokka/PYSEC-2021-145.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-145
Aliases
Published
2021-08-16T18:15:00Z
Modified
2023-11-08T04:02:44.528111Z
Summary
[none]
Details

XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.

References

Affected packages

PyPI / quokka

Package

Name
quokka
View open source insights on deps.dev
Purl
pkg:pypi/quokka

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.0.1.dev84
0.1.0
0.2.0
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.6.dev1
0.3.7.dev1
0.4.0
0.4.1.dev6
0.4.1.dev22

Database specific

source 
"https://github.com/pypa/advisory-database/blob/main/vulns/quokka/PYSEC-2021-145.yaml"