{
  "schema_version": "1.4.0",
  "id": "GHSA-mr5m-8j6x-5qpr",
  "modified": "2022-05-24T17:29:49Z",
  "published": "2022-05-24T17:29:49Z",
  "aliases": [
    "CVE-2020-21524"
  ],
  "details": "There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21524"
    },
    {
      "type": "WEB",
      "url": "https://github.com/halo-dev/halo/issues/423"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "CRITICAL",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-30T18:15:00Z"
  }
}