Published: May 17, 2022
Source: github
GitHub: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
django-markupfield Arbitrary File Read
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-0846
- https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
- https://github.com/jamesturk/django-markupfield/blob/1.3.3/CHANGELOG
- https://github.com/jamesturk/django-markupfield/blob/master/CHANGELOG
- https://github.com/pypa/advisory-database/tree/main/vulns/django-markupfield/PYSEC-2015-12.yaml
- https://www.djangoproject.com/weblog/2015/apr/21/docutils-security-advisory
- http://www.debian.org/security/2015/dsa-3230
Packages
Name: django-markupfield (pip)
Affected versions: < 1.3.2
Fixed version: 1.3.2
Related vulnerabilities
ubuntu
almost 11 years ago
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
nvd
almost 11 years ago
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
debian
almost 11 years ago
django-markupfield before 1.3.2 uses the default docutils RESTRUCTURED ...