No disabling external entity expansion (XXE) #229
Comments
It would be nice to put a link like this with your description, if this is what you mean... https://en.wikipedia.org/wiki/XML_external_entity_attack
Yes, that’s what I meant )
Hello @deeplook will you fix the issue?
Hello @averonesis will you suggest a patch?
@MrLion9, could you have a look at the patch, please?
@claudep yep, looks good, thank you!
I guess you approved through emojis 😄
I believe that CVE-2020-10799 was assigned to this issue :)
I pushed both a 0.9.4 release to have a Python 2 compatible release with the fix and a 1.0.0 release which is now Python 2 free.
Hi! I found that I can perform an XXE attack (https://en.wikipedia.org/wiki/XML_external_entity_attack) when using the svg2rlg function.
Code:
Payload (test.svg)
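A pre-flight check that a caller could run on untrusted SVG before handing it to svg2rlg, shown as an added example: it is not the reporter's code or payload, and not the project's fix. `inspect_svg` and the sample documents are constructed for illustration; the check uses only the standard-library expat parser and rejects any document that declares a DTD entity or is not well-formed.

```python
import xml.parsers.expat

# Constructed samples; the reporter's test.svg is not shown on the page.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><text>hi</text></svg>'
EXTERNAL_ENTITY_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE svg [ <!ENTITY x SYSTEM "file:///constructed/placeholder"> ]>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&x;</text></svg>'
)
INTERNAL_ENTITY_SVG = (
    b'<!DOCTYPE svg [ <!ENTITY a "aaaa"> ]>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&a;</text></svg>'
)


class EntityFound(Exception):
    """Raised from an expat handler to stop parsing at the first entity."""


def inspect_svg(data):
    """Return None if the SVG declares no entities, else a reason string."""
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Fires for every <!ENTITY ...> in the internal DTD subset.
        kind = "external" if (system_id or public_id) else "internal"
        raise EntityFound("%s entity declaration %r" % (kind, name))

    def on_external_ref(context, base, system_id, public_id):
        # Fires if the document references an external entity.
        raise EntityFound("external entity reference %r" % system_id)

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except EntityFound as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError as exc:
        # Fail closed: a lenient parser downstream might still accept it.
        return "not well-formed: %s" % exc
    return None


if __name__ == "__main__":
    for label, doc in [("clean", CLEAN_SVG), ("external", EXTERNAL_ENTITY_SVG),
                       ("internal", INTERNAL_ENTITY_SVG)]:
        print(label, "->", inspect_svg(doc) or "ok")
```

A plain external DOCTYPE reference with no entity declarations passes this check, because expat does not load the external subset by default.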