Advisories for Pypi/Docassemble package

2021

Unauthorized access through URL manipulation

Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. Patches The vulnerability has been patched of the master branch of the series, of the stable branch. The Docker image on docker.io has been patched. Workarounds If upgrading is not possible, manually apply the changes of https://github.com/jhpyle/docassemble/commit/e3dbf6ce054b3c0310996f0657289f5eed0a73fe and restart the server (e.g., by pressing Save on the Configuration screen). Credit The vulnerability was …