Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNTI0LWMyZ2YtNWNocs2IuQ
Trac reStructuredText breach of privacy and denial of service vulnerability
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
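The mitigation this description points to, as an added example (not Trac's code and not taken from the advisory): rendering untrusted reStructuredText through docutils with its `raw_enabled` and `file_insertion_enabled` settings switched off, next to the default behaviour. The sample markup, marker id and file name are constructed, and docutils is assumed to be installed.

```python
from docutils.core import publish_parts

# docutils' own runtime settings for untrusted input (not Trac configuration keys).
HARDENED = {
    "raw_enabled": False,             # refuse the "raw" directive
    "file_insertion_enabled": False,  # refuse "include" and file/url options
    "_disable_config": True,          # ignore docutils.conf files on disk
}
# Common to both modes: keep warnings in the output, never raise on bad markup.
COMMON = {"report_level": 2, "halt_level": 5, "warning_stream": False}

# Constructed sample input: one raw passthrough, one include of a missing file.
UNTRUSTED = """\
Heading
=======

.. raw:: html

   <b id="constructed-raw-marker">raw passthrough</b>

.. include:: constructed-missing-file.txt

Normal *text* survives.
"""


def render(source, hardened=True):
    """Return the HTML body for `source`; hardened=False keeps docutils defaults."""
    overrides = dict(COMMON)
    if hardened:
        overrides.update(HARDENED)
    parts = publish_parts(source, writer_name="html", settings_overrides=overrides)
    return parts["body"]


if __name__ == "__main__":
    marker = '<b id="constructed-raw-marker">'
    for mode in (False, True):
        body = render(UNTRUSTED, hardened=mode)
        print("hardened" if mode else "default ",
              "| raw HTML passed through:", marker in body,
              "| directives refused:", body.count("directive disabled"))
```

With the hardened settings, docutils replaces each refused directive with a warning block that shows the directive source HTML-escaped, so the surrounding markup still renders.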
Permalink: https://github.com/advisories/GHSA-r524-c2gf-5chr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNTI0LWMyZ2YtNWNocs2IuQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 19 days ago
Identifiers: GHSA-r524-c2gf-5chr, CVE-2006-3695
References:
- https://nvd.nist.gov/vuln/detail/CVE-2006-3695
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27708
- http://trac.edgewall.org/wiki/ChangeLog
- http://www.debian.org/security/2006/dsa-1152
- https://web.archive.org/web/20061227230548/http://trac.edgewall.org/wiki/ChangeLog
- https://web.archive.org/web/20140804165436/http://secunia.com/advisories/21534
- https://web.archive.org/web/20140806223337/http://secunia.com/advisories/20958
- https://web.archive.org/web/20200228034827/http://www.securityfocus.com/bid/18323
- https://github.com/advisories/GHSA-r524-c2gf-5chr
Affected Packages
pypi:trac
Dependent packages: 1
Dependent repositories: 27
Downloads: 3,415 last month
Affected Version Ranges: < 0.9.6
Fixed in: 0.9.6
All affected versions: 0.8.4
All unaffected versions: 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.4.1, 1.4.2, 1.4.3, 1.4.4