The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to supply arbitrary protocols, hostnames, and IP addresses, including localhost, internal network addresses, and local filenames. When the Mercurial version control system is selected, Weblate exposes the …
Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields can therefore store HTML and CSS that runs inside the authenticated editor of every user whose search matches it.
The Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes.
The screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user.
An authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed scheme (e.g. file://, git://). Weblate persists the component via Component.objects.bulk_create([component])[0], which bypasses Django's full_clean() and therefore never runs the validate_repo_url validator. The URL is subsequently …
When a user changes their password, browser sessions are correctly invalidated via cycle_session_keys(), but DRF API tokens (wlu_* prefix) stored in authtoken_token are not revoked, so a token that has already leaked keeps working after the password change.
The webhook add-on did not utilize existing SSRF protection.
A user with the project.edit permission (granted by the per-project "Administration" role) can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflects up to 200 characters of the response body back to the user in an error message. This constitutes a Server-Side Request Forgery (SSRF) with partial response read.
The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances.
The user patching API endpoint didn't properly limit the scope of edits.
Weblate repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed when the external path shares the same string prefix as the repository path (for example, repo and repo_outside).
The translation memory API exposed unintended endpoints, which in turn didn't do proper access control.
The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to the given scope.
The ALLOWED_ASSET_DOMAINS setting was applied only to the initially requested URL and didn't restrict where redirects could lead, so an allow-listed host could redirect the fetch to an arbitrary destination.
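The fix for a "first hop only" allow-list is to stop letting the HTTP client follow redirects on its own and to re-run the check on every target. The following is an added example written for this page, not Weblate's code: the domain list, the fake responses and the `send` callback are constructed so it runs offline, and the flawed shape (validate once, follow blindly) is shown next to the hardened one.

```python
from urllib.parse import urljoin, urlparse

# Constructed allow-list in the spirit of the ALLOWED_ASSET_DOMAINS setting.
ALLOWED_ASSET_DOMAINS = frozenset({"assets.example.com"})
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


class DisallowedURL(Exception):
    pass


def check_url(url, allowed=ALLOWED_ASSET_DOMAINS):
    """Reject non-HTTP schemes and any host outside the allow-list."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise DisallowedURL(f"scheme not allowed: {url}")
    host = (parsed.hostname or "").lower()
    if host not in allowed:
        raise DisallowedURL(f"host not allow-listed: {url}")


def is_allowed_url(url, allowed=ALLOWED_ASSET_DOMAINS):
    try:
        check_url(url, allowed)
        return True
    except DisallowedURL:
        return False


def fetch_first_hop_only(url, send, allowed=ALLOWED_ASSET_DOMAINS):
    """The flawed shape: validate once, then follow redirects blindly.
    send(url) -> (status, headers, body) and must not follow redirects itself."""
    check_url(url, allowed)
    for _ in range(MAX_REDIRECTS + 1):
        status, headers, body = send(url)
        if status in REDIRECT_STATUSES:
            url = urljoin(url, headers["Location"])
            continue
        return status, body
    raise DisallowedURL("too many redirects")


def fetch_every_hop(url, send, allowed=ALLOWED_ASSET_DOMAINS):
    """Hardened: every redirect target is validated before it is requested."""
    for _ in range(MAX_REDIRECTS + 1):
        check_url(url, allowed)
        status, headers, body = send(url)
        if status in REDIRECT_STATUSES:
            location = headers.get("Location")
            if not location:
                raise DisallowedURL(f"redirect without Location from {url}")
            url = urljoin(url, location)
            continue
        return status, body
    raise DisallowedURL("too many redirects")


# Constructed offline stand-in for the network: the allow-listed host answers
# with a redirect into the internal network (what an attacker-run asset host
# would do) and the internal service answers with data that must not leak.
FAKE_RESPONSES = {
    "https://assets.example.com/logo.png": (302, {"Location": "http://127.0.0.1:9000/internal"}, b""),
    "http://127.0.0.1:9000/internal": (200, {}, b"internal service banner"),
}


def fake_send(url):
    return FAKE_RESPONSES[url]


def demo():
    """Returns what the flawed fetch leaks and why the hardened fetch refused."""
    leaked = fetch_first_hop_only("https://assets.example.com/logo.png", fake_send)
    try:
        fetch_every_hop("https://assets.example.com/logo.png", fake_send)
        blocked = None
    except DisallowedURL as exc:
        blocked = str(exc)
    return leaked, blocked
```

With a real client such as `requests`, the `send` callback is a `get(url, allow_redirects=False)` call. A host allow-list alone still trusts DNS; a fetcher that also resolves each host and rejects private and loopback address ranges closes the rebinding case, which this example does not cover.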
The ZIP download feature didn't verify the files it packaged and could follow symlinks pointing outside the repository.
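The prefix-check bypass in the repository-boundary item above and the symlink escape in the ZIP download item share one remedy: resolve symlinks, then test containment on whole path segments rather than on a string prefix. The following is an added example written for this page, not Weblate's code; the directory layout, file names and the export function are constructed for illustration, and the `repo` / `repo_outside` pair reproduces the bypass the page describes.

```python
import os
import tempfile
import zipfile


def inside_repo_prefix(repo_root, candidate):
    """The vulnerable pattern: a string prefix test on resolved paths.
    '/srv/repo_outside/x' starts with '/srv/repo', so it wrongly passes."""
    root = os.path.realpath(repo_root)
    return os.path.realpath(candidate).startswith(root)


def inside_repo(repo_root, candidate):
    """Segment-aware containment: the common path must be the root itself."""
    root = os.path.realpath(repo_root)
    path = os.path.realpath(candidate)
    try:
        return os.path.commonpath([root, path]) == root
    except ValueError:
        # Mixed absolute/relative paths or different drives: never inside.
        return False


def export_repo_zip(repo_root, zip_path):
    """Pack repo_root into zip_path, refusing anything that escapes it.

    Returns (included, rejected) lists of repo-relative names. Symlinks are
    refused outright, and realpath containment is checked as well so a
    symlinked parent directory cannot smuggle a file in.
    """
    root = os.path.realpath(repo_root)
    included, rejected = [], []
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as archive:
        for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
            # os.walk lists symlinked directories but does not descend; drop them.
            for name in list(dirnames):
                full = os.path.join(dirpath, name)
                if os.path.islink(full):
                    rejected.append(os.path.relpath(full, root))
                    dirnames.remove(name)
            for name in filenames:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root)
                if os.path.islink(full) or not inside_repo(root, full):
                    rejected.append(rel)
                    continue
                archive.write(full, rel)
                included.append(rel)
    return sorted(included), sorted(rejected)


def demo():
    """Build a constructed layout and run both checks over it."""
    base = tempfile.mkdtemp()
    repo = os.path.join(base, "repo")
    outside = os.path.join(base, "repo_outside")  # same string prefix as repo
    os.makedirs(os.path.join(repo, "po"))
    os.makedirs(outside)
    with open(os.path.join(repo, "po", "de.po"), "w") as fh:
        fh.write('msgid "Hello"\nmsgstr "Hallo"\n')
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("not part of the repository\n")
    # Attacker-controlled symlinks inside the repository pointing outside it.
    os.symlink(os.path.join(outside, "secret.txt"), os.path.join(repo, "leak.txt"))
    os.symlink(outside, os.path.join(repo, "leakdir"))

    included, rejected = export_repo_zip(repo, os.path.join(base, "export.zip"))
    sibling = os.path.join(outside, "secret.txt")
    return {
        "prefix_check_accepts_sibling": inside_repo_prefix(repo, sibling),
        "segment_check_accepts_sibling": inside_repo(repo, sibling),
        "segment_check_accepts_symlink": inside_repo(repo, os.path.join(repo, "leak.txt")),
        "included": included,
        "rejected": rejected,
    }
```

`os.path.commonpath` compares path components, so `repo_outside` is a sibling rather than a child of `repo`; on Python 3.9 and later `pathlib.Path.is_relative_to` after `resolve()` expresses the same check.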
Users were able to obtain add-on configuration via API.
The SSH management console did not validate the input passed in while adding an SSH host key, which could lead to argument injection into ssh-add.
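Argument injection into an OpenSSH tool happens when user input lands in argv unvalidated: a value beginning with `-` is parsed as an option (for ssh-add, for example, `-s` loads a PKCS#11 provider library). The following is an added example written for this page, not Weblate's code; the page does not show how the console invokes the tool, so `ssh-keyscan` is used here as a stand-in for a host-key fetch, and the hostname grammar, the `--` separator and the function names are this example's own choices.

```python
import re
import subprocess

# RFC 1123 host label: alphanumerics and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


class InvalidSSHHost(ValueError):
    pass


def validate_ssh_host(host):
    """Accept only a plain DNS name or IPv4 literal (IPv6 literals are
    deliberately out of scope here). Anything a getopt-style parser could
    read as an option, or that blurs an argv boundary, is refused."""
    host = host.strip()
    if not host or len(host) > 253:
        raise InvalidSSHHost("empty or overlong host name")
    if host.startswith("-"):
        raise InvalidSSHHost(f"host name must not start with '-': {host!r}")
    if any(ch.isspace() or ord(ch) < 32 for ch in host):
        raise InvalidSSHHost(f"host name contains whitespace or control characters: {host!r}")
    labels = host.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise InvalidSSHHost(f"host name is not a valid DNS name or IPv4 address: {host!r}")
    return host


def is_valid_ssh_host(host):
    try:
        validate_ssh_host(host)
        return True
    except InvalidSSHHost:
        return False


def validate_ssh_port(port):
    try:
        value = int(port)
    except (TypeError, ValueError):
        raise InvalidSSHHost(f"port is not an integer: {port!r}") from None
    if not 1 <= value <= 65535:
        raise InvalidSSHHost(f"port out of range: {value}")
    return value


def build_keyscan_argv(host, port=22):
    """Build argv for the host-key fetch. The host goes after '--', which
    ends option parsing in OpenSSH's getopt-based tools, so even a value
    starting with '-' could not become a flag; the strict validation above
    is applied regardless so bad input fails early with a readable error."""
    return ["ssh-keyscan", "-p", str(validate_ssh_port(port)), "--", validate_ssh_host(host)]


def scan_host_key(host, port=22, timeout=10):
    """Run the scan as an argv list (no shell) and return its stdout."""
    result = subprocess.run(
        build_keyscan_argv(host, port),
        capture_output=True, text=True, timeout=timeout, check=False,
    )
    return result.stdout
```

Both layers matter: the `--` separator protects the specific tool, while the hostname grammar keeps the value from being abused by whatever the key is later fed to (a known_hosts line, a log, a template).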
The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename.