https://bugzilla.redhat.com/show_bug.cgi?id=1527789 Bug ID: 1527789 Summary: translate-toolkit: Maliciously crafted .XLF files can result arbitrary file read and potential code exection Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: sfowler(a)redhat.com CC: dwayne(a)translate.org.za, i18n-bugs(a)lists.fedoraproject.org, mfabian(a)redhat.com, mmraka(a)redhat.com, petersen(a)redhat.com translate-toolkit before version 2.2.0 is vulnerable to XML External Entity Execution. An attacker could exploit this by supplying a maliciously crafted .XLF file causing an arbitrary file read or potential arbitrary code execution. References: https://bugzilla.novell.com/show_bug.cgi?id=1073535 https://github.com/translate/translate/pull/3632/files https://hackerone.com/reports/232614 -- You are receiving this mail because: You are on the CC list for the bug.