CVE-2020-18702: Cross Site Scripting (XSS) in Quokka

August 30, 2021 (updated October 24, 2024)

Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the ‘Username’ parameter in the component ‘quokka/admin/actions.py’.

References

github.com/advisories/GHSA-5m69-3chg-6f8m
github.com/pypa/advisory-database/tree/main/vulns/quokka/PYSEC-2021-143.yaml
github.com/rochacbruno/quokka
github.com/rochacbruno/quokka/issues/675
nvd.nist.gov/vuln/detail/CVE-2020-18702

Code Behaviors & Features

Detect and mitigate CVE-2020-18702 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →