Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yNTI0LWMyZ2YtNWNocs2IuQ

Trac reStructuredText breach of privacy and denial of service vulnerability

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

Permalink: https://github.com/advisories/GHSA-r524-c2gf-5chr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNTI0LWMyZ2YtNWNocs2IuQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 19 days ago

Identifiers: GHSA-r524-c2gf-5chr, CVE-2006-3695
References:

Blast Radius: 0.0

Affected Packages

pypi:trac

Dependent packages: 1
Dependent repositories: 27
Downloads: 3,415 last month
Affected Version Ranges: < 0.9.6
Fixed in: 0.9.6
All affected versions: 0.8.4
All unaffected versions: 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.4.1, 1.4.2, 1.4.3, 1.4.4