4 matches found
CVE-2026-33046
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...
CVE-2026-33046
CVE-2026-33046 affects Indico (event management system) where, in versions prior to 3.3.12, TeXLive/LaTeX sanitizer bypass via specially crafted LaTeX snippets could read local files or execute code with server user privileges when server-side LaTeX rendering is enabled (XELATEX_PATH set). If ser...
Indico discloses local files resulting in Remote Code Execution through LaTeX injection
!NOTE If server-side LaTeX rendering is not in use ie XELATEXPATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...
PT-2026-27251
!NOTE If server-side LaTeX rendering is not in use ie XELATEX PATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...