CVE-2015-0846

django-markupfield < 1.3.2 - Arbitrary File Read via Default RESTRUCTUREDTEXT_FILTER_SETTINGS

Title source: llm
STIX 2.1

Description

django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3230

Scores

EPSS 0.0179
EPSS Percentile 75.7%

Details

CWE
CWE-200
Status published
Products (2)
django-markupfield_project/django-markupfield < 1.3.1
pypi/django-markupfield 0 - 1.3.2PyPI
Published Apr 24, 2015
Tracked Since Feb 18, 2026