CVE-2021-23423

MEDIUM

bikeshed < 3.0.0 - Path Traversal via Untrusted Source File Processing

Title source: llm

Description

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output.

References (2)

Core 2

Core References

Exploit, Patch, Third Party Advisory x_refsource_misc

https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537647

Patch, Third Party Advisory x_refsource_misc

https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0111

EPSS Percentile 61.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

bikeshed_project/bikeshed < 3.0.0

pypi/bikeshed 0 - 3.0.0PyPI

Published Aug 16, 2021

Tracked Since Feb 18, 2026