Re: Vulnerabilities in FontTools & FontForge


Open Source Security

Posted by Hanno Böck on Mar 08


I was surprised that any library would do this by default in 2024.
According to their webpage, lxml does *not* enable external entity
expansion by default, but changed the default only very recently.
“Since version 5.x, lxml disables the expansion of external entities
(XXE) by default. If you really want to allow loading external files
into XML documents…
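
An added example, not part of the original post or of lxml's own code: a parser configured explicitly so that external entities stay unexpanded whatever the installed lxml version's default is, plus a check that lists any entity references left in the tree. The marker value, the entity name `xxe` and the helper names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

from lxml import etree

MARKER = "constructed-secret-1234"  # constructed sample file content


def hardened_parser():
    # Set the options explicitly instead of relying on the version default.
    return etree.XMLParser(resolve_entities=False, no_network=True, load_dtd=False)


def entity_refs(root):
    """Names of entity references that were kept as nodes, not expanded."""
    return [ent.name for ent in root.iter(etree.Entity)]


def default_blocks_external_entities():
    # Per the lxml documentation quoted in the post: the default changed in 5.x.
    return etree.LXML_VERSION >= (5, 0)


def demo():
    """Parse a constructed document whose entity points at a local temp file."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(MARKER)
        doc = (
            '<!DOCTYPE r [<!ENTITY xxe SYSTEM "%s">]><r>&xxe;</r>'
            % Path(path).as_uri()
        ).encode()
        root = etree.fromstring(doc, hardened_parser())
        return etree.tostring(root), entity_refs(root)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    serialized, refs = demo()
    print("default blocks external entities:", default_blocks_external_entities())
    print("unexpanded entity references:", refs)
    print("file content leaked into tree:", MARKER.encode() in serialized)
```

A non-empty result from `entity_refs` on untrusted input is a useful signal to log or reject, since ordinary documents rarely declare their own entities.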
