CVE-2015-0846: django-markupfield Arbitrary File Read
(updated )
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
References
- github.com/advisories/GHSA-wxmr-7xjv-8xqw
- github.com/jamesturk/django-markupfield
- github.com/jamesturk/django-markupfield/blob/1.3.3/CHANGELOG
- github.com/jamesturk/django-markupfield/blob/master/CHANGELOG
- github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
- github.com/pypa/advisory-database/tree/main/vulns/django-markupfield/PYSEC-2015-12.yaml
- nvd.nist.gov/vuln/detail/CVE-2015-0846
- www.djangoproject.com/weblog/2015/apr/21/docutils-security-advisory
Code Behaviors & Features
Detect and mitigate CVE-2015-0846 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →