CVE-2020-18703: Improper Restriction of XML External Entity Reference in Quokka

August 30, 2021 (updated October 16, 2024)

XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component ‘quokka/utils/atom.py’.

References

github.com/advisories/GHSA-3xg5-6c3j-vp8x
github.com/pypa/advisory-database/tree/main/vulns/quokka/PYSEC-2021-144.yaml
github.com/quokkaproject/quokka
github.com/rochacbruno/quokka/issues/676
nvd.nist.gov/vuln/detail/CVE-2020-18703

Detect and mitigate CVE-2020-18703 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →