CVE-2020-28502

Posted on 2021년 3월 6일2021년 3월 6일 by admin

CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.

Source: CVE-2020-28502

답글 남기기 응답 취소