2 matches found
nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-48705 via nautobot (=2.0.0)
nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-48705 Source advisory: OSV:PYSEC-2023-285...
CVE-2023-48705
Nautobot CVE-2023-48705 affects all Nautobot versions before 1.6.6 and before 2.0.5. Root cause: incorrect usage of Django’s mark_safe() when rendering certain user-authored content (e.g., custom links, job buttons, computed fields). Impact: attackers with permission to create or edit such conten...