CVE-2015-0846: Exposure of Sensitive Information to an Unauthorized Actor
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
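An added example, not code from django-markupfield or from this advisory: a small audit that flags a pinned django-markupfield release before 1.3.2 and a RESTRUCTUREDTEXT_FILTER_SETTINGS dict that leaves docutils file access switched on. It assumes the relevant docutils options are file_insertion_enabled and raw_enabled (both on by default in docutils), since the advisory does not name the vector; the function names and sample inputs are constructed for illustration.

```python
import re

FIXED = (1, 3, 2)  # first release outside the affected range, per the advisory
# Assumption: these are the docutils options that let a document read files.
# docutils enables both unless they are explicitly overridden.
FILE_ACCESS_OPTIONS = ("file_insertion_enabled", "raw_enabled")
# Only exact "==" pins are recognised; ranges and unpinned entries are skipped.
PIN = re.compile(r"^\s*django[-_.]markupfield\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.I)

def pinned_version(requirements_text):
    """Return the pinned django-markupfield version as a tuple, or None."""
    for line in requirements_text.splitlines():
        match = PIN.match(line)
        if match:
            return tuple(int(part) for part in match.group(1).split("."))
    return None

def is_affected(version):
    """True when the version is before 1.3.2; (1, 3) is compared as 1.3.0."""
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED

def enabled_file_options(filter_settings):
    """Options still effectively on; a missing key means the docutils default."""
    return [opt for opt in FILE_ACCESS_OPTIONS if filter_settings.get(opt, True)]

def audit(requirements_text, filter_settings):
    """Collect findings for the dependency pin and the docutils overrides."""
    findings = []
    version = pinned_version(requirements_text)
    if version is not None and is_affected(version):
        pretty = ".".join(str(part) for part in version)
        findings.append("django-markupfield %s is before 1.3.2" % pretty)
    for option in enabled_file_options(filter_settings or {}):
        findings.append("RESTRUCTUREDTEXT_FILTER_SETTINGS leaves %s on" % option)
    return findings

# Constructed sample inputs, not taken from any real project.
SAMPLE_REQUIREMENTS = "Django==1.8\ndjango-markupfield==1.3.1\n"
DEFAULT_SETTINGS = {}  # nothing overridden, so docutils defaults apply
HARDENED_SETTINGS = {"file_insertion_enabled": False, "raw_enabled": False}

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUIREMENTS, DEFAULT_SETTINGS):
        print(finding)
```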
References
- www.debian.org/security/2015/dsa-3230
- github.com/advisories/GHSA-wxmr-7xjv-8xqw
- github.com/jamesturk/django-markupfield/blob/1.3.3/CHANGELOG
- github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
- nvd.nist.gov/vuln/detail/CVE-2015-0846
- www.djangoproject.com/weblog/2015/apr/21/docutils-security-advisory/