requests-xml icon indicating copy to clipboard operation
requests-xml copied to clipboard

Published 20 hours ago verified publisher icon erinxocon

XML External Entity (XXE)

Open srikanthprathi opened this issue 4 years ago • 0 comments

I would like to report an XML External Entity (XXE) vulnerability in the latest version 0.2.3.

The feature which converts an XML document into a JSON, the module does not validate/sanitizes the external DTD's. Impact: Sensitive Information Disclosure

Please contact me for the POC if required. Thanks.

srikanthprathi avatar Sep 21 '20 15:09 srikanthprathi