Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05anA0LTY4dmMtcjh3cc4AAawO
FormEncode Access Restrictions Bypass
schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05anA0LTY4dmMtcjh3cc4AAawO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 3 months ago
Identifiers: GHSA-9jp4-68vc-r8wq, CVE-2008-6547
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-6547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43878
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html
- http://sourceforge.net/tracker/download.php?group_id=91231&atid=596416&file_id=271779&aid=1925164
- http://sourceforge.net/tracker/index.php?func=detail&aid=1925164&group_id=91231&atid=596416
- https://web.archive.org/web/20080905200034/http://secunia.com/advisories/31081
- https://web.archive.org/web/20081013102442/http://secunia.com/advisories/31163
- https://web.archive.org/web/20200228145643/http://www.securityfocus.com/bid/30282
- https://github.com/advisories/GHSA-9jp4-68vc-r8wq
Blast Radius: 0.0
Affected Packages
pypi:FormEncode
Dependent packages: 13Dependent repositories: 261
Downloads: 225,984 last month
Affected Version Ranges: = 1.0
Fixed in: 1.0.1
All affected versions: 1.0.1
All unaffected versions: 0.2.1, 0.2.2, 0.5.1, 0.7.1, 1.2.1, 1.2.2, 1.2.4, 1.2.5, 1.2.6, 1.3.0, 1.3.1, 2.0.0, 2.0.1, 2.1.0