—

PYSEC-2023-41

상세

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pretalx

최초 영향 버전: 0 수정 버전: 60722c43cf975f319e94102e6bff320723776890

수정 pip install --upgrade 'pretalx>=60722c43cf975f319e94102e6bff320723776890'

참고

https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890 [FIX]
https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/ [ARTICLE]
https://github.com/pretalx/pretalx/releases/tag/v2.3.2 [WEB]
https://pretalx.com/p/news/security-release-232/ [WEB]