Note:
This project will be discontinued after December 13, 2021. [more]
2018-11-13
An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed and information may be leaked.
| Products | Charles |
| Type | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) |
| First patch | - None (likely due to unavailable code) |
| Links | https://whitehatck01.blogspot.com/2018/11/charles-427-xml-external-entity.html |