78 matches found
Information Disclosure
Plone is vulnerable to information disclosure. A remotely authenticated manager is able to perform disk I/O through malicious keyword arguments to ReStructuredText transform...
Plone Arbitrary File Write Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. An arbitrary file write vulnerability exists in Plone 5.2.4 and earlier versions. A remote attacker can exploit this vulnerability to perform disk I/O via specially crafted keyword arguments converted by...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Code injection
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
PYSEC-2021-81
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
CVE-2021-33509
Plone 5.2.4 and earlier are affected by an arbitrary file-write vulnerability. Remote authenticated managers can cause disk I/O by sending crafted keyword arguments to the ReStructuredText transform in Python scripts, enabling potential file writes to the server. Root cause is exposed via docutil...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Lex Li vscode-restructuredtext access control error vulnerability
vscode-restructuredtext is an open source application by Lex Li. This extension provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...
Improper access control
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...
CVE-2021-28793
CVE-2021-28793 affects vscode-restructuredtext prior to 146.0.0. Incorrect access control allows a crafted project folder to cause arbitrary binaries to run via a crafted workspace configuration. Multiple sources (Red Hat, CNVD, NVD, OSV) corroborate the vulnerability and its impact. ...
Lex Li vscode-restructuredtext Access Control Error Vulnerability
vscode-restructuredtext is an open source application by Lex Li. This extension provides rich reStructuredText language support for Visual Studio Code. An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...
[SECURITY] Fedora 33 Update: gitit-0.13.0.0-4.fc33
Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...
GitLab: [reStructuredText] XSS in project README files
Hi, While experimenting with parser bypass techniques, I discovered that reStructuredText markup can be used to inject a stored JavaScript payload into a project README.rst file. Steps to Reproduce 1. Create a new GitLab project 2. Initialise the project by creating a README file 3. Set the file...
django-markupfield Arbitrary File Read Vulnerability
Django is an open source, model-view-controller style web application framework written in Python. Versions of django-markupfield prior to 1.3.2 use the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS setting, which allows remote attackers to exploit vulnerabilities to include...
Security notice: Django framework arbitrary file include vulnerability-vulnerability warning-the black bar safety net
In the 4 on 2 1 May, Django, the Python-based open source web framework, released a security bulletin saying that the django.contrib.markup package in Django ≤1.5 has an arbitrary file inclusion vulnerability, which an attacker may exploit via docutils. On docutils The Docutils project i...
Debian: Security Advisory (DSA-2321-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...