CVE-2020-14942
CRITICALTendenci < 12.0.11 - Deserialization of Untrusted Data in Helpdesk Staff Views
Title source: llmDescription
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/tendenci/tendenci/issues/867
Scores
CVSS v3
9.8
EPSS
0.0134
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (2)
pypi/tendenci
0 - 12.0.11PyPI
tendenci/tendenci
12.0.10
Published
Jun 21, 2020
Tracked Since
Feb 18, 2026