CVE-2008-6547

FormEncode 1.0 - Improper Input Validation via Chained Validators Bypass

Title source: llm
STIX 2.1

Description

schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30282
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43878
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/47082
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31163
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31081

Scores

EPSS 0.0149
EPSS Percentile 71.1%

Details

CWE
CWE-20
Status published
Products (2)
formencode/formencode 1.0
pypi/FormEncode 1.0 - 1.0.1PyPI
Published Mar 30, 2009
Tracked Since Feb 18, 2026