CVE-2015-0846
django-markupfield < 1.3.2 - Arbitrary File Read via Default RESTRUCTUREDTEXT_FILTER_SETTINGS
Title source: llmDescription
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://github.com/jamesturk/django-markupfield/blob/master/CHANGELOG
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3230
Scores
EPSS
0.0179
EPSS Percentile
75.7%
Details
CWE
CWE-200
Status
published
Products (2)
django-markupfield_project/django-markupfield
< 1.3.1
pypi/django-markupfield
0 - 1.3.2PyPI
Published
Apr 24, 2015
Tracked Since
Feb 18, 2026