Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5
Описание
FormEncode Access Restrictions Bypass
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-6547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43878
- https://github.com/pypa/advisory-database/tree/main/vulns/formencode/PYSEC-2009-5.yaml
- https://web.archive.org/web/20080905200034/http://secunia.com/advisories/31081
- https://web.archive.org/web/20081013102442/http://secunia.com/advisories/31163
- https://web.archive.org/web/20200228145643/http://www.securityfocus.com/bid/30282
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html
- http://sourceforge.net/tracker/download.php?group_id=91231&atid=596416&file_id=271779&aid=1925164
- http://sourceforge.net/tracker/index.php?func=detail&aid=1925164&group_id=91231&atid=596416
Пакеты
Наименование
FormEncode
pip
Затронутые версииВерсия исправления
= 1.0
1.0.1
Связанные уязвимости
ubuntu
больше 16 лет назад
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
nvd
больше 16 лет назад
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
debian
больше 16 лет назад
schema.py in FormEncode for Python (python-formencode) 1.0 does not ap ...