PyPI package
quokka
pkg:pypi/quokka
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-18705 | — | <= 0.4.0 | — | Aug 16, 2021 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'. | ||
| CVE-2020-18703 | — | <= 0.4.0 | — | Aug 16, 2021 | XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'. | ||
| CVE-2020-18702 | — | <= 0.4.0 | — | Aug 16, 2021 | Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'. |
- CVE-2020-18705Aug 16, 2021affected <= 0.4.0
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.
- CVE-2020-18703Aug 16, 2021affected <= 0.4.0
XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'.
- CVE-2020-18702Aug 16, 2021affected <= 0.4.0
Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'.