https://bugzilla.redhat.com/show_bug.cgi?id=1527789
Bug ID: 1527789
Summary: translate-toolkit: Maliciously crafted .XLF files can
result in arbitrary file read and potential code execution
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
CC: dwayne(a)translate.org.za,
i18n-bugs(a)lists.fedoraproject.org, mfabian(a)redhat.com,
mmraka(a)redhat.com, petersen(a)redhat.com
translate-toolkit before version 2.2.0 is vulnerable to XML External Entity
Execution. An attacker could exploit this by supplying a maliciously crafted
.XLF file causing an arbitrary file read or potential arbitrary code execution.
References:
https://bugzilla.novell.com/show_bug.cgi?id=1073535
https://github.com/translate/translate/pull/3632/files
https://hackerone.com/reports/232614
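A pre-parse gate for untrusted .XLF files, as an added example that is not part of the bug report or of translate-toolkit's code: it uses Python's standard-library expat bindings to reject any file that declares an entity before the file reaches an XLIFF parser. The names `check_xliff` and `UnsafeXliff`, and both sample documents, are constructed for illustration.

```python
import xml.parsers.expat


class UnsafeXliff(ValueError):
    """Raised when an XLIFF file declares entities or is not well-formed."""


def check_xliff(data: bytes) -> str:
    """Return the root element name; raise UnsafeXliff on any entity declaration."""
    parser = xml.parsers.expat.ParserCreate()
    root = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # value is None for external entities; system_id then names the resource.
        kind = "external" if value is None else "internal"
        raise UnsafeXliff(f"{kind} entity declaration {name!r}")

    def on_external_ref(context, base, system_id, public_id):
        # Fail closed if a reference to an external entity is ever reached.
        raise UnsafeXliff(f"external entity reference to {system_id!r}")

    def on_start(name, attrs):
        if not root:
            root.append(name)

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXliff(f"not well-formed: {exc}") from exc
    return root[0]


# Constructed sample: ordinary XLIFF 1.2 using only a predefined entity (&amp;).
SAFE = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<xliff version="1.2"><file original="a.txt" source-language="en" '
        b'datatype="plaintext"><body><trans-unit id="1">'
        b'<source>Hello &amp; welcome</source></trans-unit></body></file></xliff>')

# Constructed sample: declares an external entity (placeholder URI, not a real path).
CRAFTED = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE xliff [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>\n'
           b'<xliff version="1.2"><file original="a.txt" source-language="en" '
           b'datatype="plaintext"><body><trans-unit id="1">'
           b'<source>&ext;</source></trans-unit></body></file></xliff>')
```

The gate rejects internal entity declarations as well, since translation files have no need for them; it complements, and does not replace, upgrading translate-toolkit to 2.2.0 or later.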