PYSEC-2006-2
Details
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
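The docutils settings that switch these directives off for untrusted input, shown as an added example (not Trac's code and not part of the advisory). `raw_enabled`, `file_insertion_enabled` and `_disable_config` are docutils settings; the wiki text, the marker string and the temporary file are constructed for the demonstration.

```python
import os
import tempfile

from docutils.core import publish_parts

# docutils runtime settings for rendering reStructuredText from untrusted users.
HARDENED = {
    "raw_enabled": False,             # refuse the "raw" directive (HTML pass-through)
    "file_insertion_enabled": False,  # refuse "include", "csv-table :file:", "raw :file:"
}


def render(text, hardened=True):
    """Render reStructuredText to an HTML fragment."""
    overrides = {"_disable_config": True}  # ignore any docutils.conf on the host
    if hardened:
        overrides.update(HARDENED)
    parts = publish_parts(source=text, writer_name="html",
                          settings_overrides=overrides)
    return parts["html_body"]


def demo():
    """Compare default and hardened rendering of one constructed wiki page."""
    marker = "CONSTRUCTED-FILE-CONTENT"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(marker + "\n")
        path = fh.name
    page = (
        "Wiki text from an untrusted user (constructed sample).\n\n"
        ".. raw:: html\n\n"
        "   <script>document.title = 'injected'</script>\n\n"
        f".. include:: {path}\n"
    )
    try:
        results = {}
        for name, flag in (("default", False), ("hardened", True)):
            html = render(page, hardened=flag)
            results[name] = {"script": "<script>" in html, "file": marker in html}
        return results
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

With the hardened settings docutils replaces each blocked directive with a warning message in the output instead of executing it.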
References
- http://trac.edgewall.org/wiki/ChangeLog [WEB]
- http://securitytracker.com/id?1016457 [WEB]
- http://www.debian.org/security/2006/dsa-1152 [ADVISORY]
- http://secunia.com/advisories/20958 [ADVISORY]
- http://secunia.com/advisories/21534 [ADVISORY]
- http://www.securityfocus.com/bid/18323 [WEB]
- http://www.vupen.com/english/advisories/2006/2729 [ADVISORY]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 [WEB]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 [WEB]
- https://github.com/advisories/GHSA-r524-c2gf-5chr [ADVISORY]