GoogleOSV:GHSA-WXMR-7XJV-8XQWdjango-markupfield Arbitrary File Read
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.5%
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
References
www.debian.org/security/2015/dsa-3230
github.com/jamesturk/django-markupfield
github.com/jamesturk/django-markupfield/blob/1.3.3/CHANGELOG
github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
nvd.nist.gov/vuln/detail/CVE-2015-0846
www.djangoproject.com/weblog/2015/apr/21/docutils-security-advisory
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.5%