quokka@0.3.3 vulnerabilities

Content Management Framework for Python

Direct Vulnerabilities

Known vulnerabilities in the quokka package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

quokka is a Content Management Framework for Python.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Username parameter in the quokka/admin/actions.py component.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for quokka.

[0,)
  • M
XML External Entity (XXE) Injection

quokka is a Content Management Framework for Python.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the quokka/utils/atom.py component. This is due to not filtering the authors and title attributes, and therefore XML payloads can be inserted to them.

How to fix XML External Entity (XXE) Injection?

There is no fixed version for quokka.

[0,)
  • M
XML External Entity (XXE) Injection

quokka is a Content Management Framework for Python.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the quokka/core/content/views.py component. This is due to not filtering the authors and title attributes, and therefore XML payloads can be inserted to them.

How to fix XML External Entity (XXE) Injection?

There is no fixed version for quokka.

[0,)