{"id":"PYSEC-2021-145","details":"XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'.","aliases":["CVE-2020-18705","GHSA-4q2r-qxp6-h5j6"],"modified":"2023-11-08T04:02:44.528111Z","published":"2021-08-16T18:15:00Z","references":[{"type":"REPORT","url":"https://github.com/rochacbruno/quokka/issues/676"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4q2r-qxp6-h5j6"}],"affected":[{"package":{"name":"quokka","ecosystem":"PyPI","purl":"pkg:pypi/quokka"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.1.dev84","0.1.0","0.2.0","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.6.dev1","0.3.7.dev1","0.4.0","0.4.1.dev22","0.4.1.dev6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/quokka/PYSEC-2021-145.yaml"}}],"schema_version":"1.7.3"}