Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-93B221F2D569AF5F3722D62993F1E7DCFormEncode Access Restrictions Bypass
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
81.3%
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pypi | ml-scanner | * | cpe:2.3:a:pypi:ml-scanner:*:*:*:*:*:pypi:*:* |
| pypi | ml-scanner | 1.0 | cpe:2.3:a:pypi:ml-scanner:1.0:*:*:*:*:pypi:*:* |
References
exchange.xforce.ibmcloud.com/vulnerabilities/43878
github.com/advisories/GHSA-9jp4-68vc-r8wq
github.com/davidfraser/formencode
github.com/pypa/advisory-database/tree/main/vulns/formencode/PYSEC-2009-5.yaml
nvd.nist.gov/vuln/detail/CVE-2008-6547
web.archive.org/web/20080905200034/secunia.com/advisories/31081
web.archive.org/web/20081013102442/secunia.com/advisories/31163
web.archive.org/web/20200228145643/www.securityfocus.com/bid/30282
www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
81.3%