Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mOXF2LWo1ZzYtZzVjcs3PZQ
Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."
Permalink: https://github.com/advisories/GHSA-f9qv-j5g6-g5cr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOXF2LWo1ZzYtZzVjcs3PZQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 19 days ago
Identifiers: GHSA-f9qv-j5g6-g5cr, CVE-2009-4405
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-4405
- https://bugzilla.redhat.com/show_bug.cgi?id=542394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54983
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html
- http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
- https://web.archive.org/web/20130417170303/http://secunia.com/advisories/37901
- https://web.archive.org/web/20130513235205/http://secunia.com/advisories/37807
- https://github.com/advisories/GHSA-f9qv-j5g6-g5cr
Affected Packages
pypi:trac
Dependent packages: 1
Dependent repositories: 27
Downloads: 3,415 last month
Affected Version Ranges: < 0.11.6
Fixed in: 0.11.6
All affected versions: 0.8.4, 0.11.1, 0.11.2, 0.11.3, 0.11.4
All unaffected versions: 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.4.1, 1.4.2, 1.4.3, 1.4.4