Trac reStructuredText breach of privacy and denial of service vulnerability
Moderate severity
GitHub Reviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Apr 29, 2024
Description
Published by the National Vulnerability Database
Jul 21, 2006
Published to the GitHub Advisory Database
May 1, 2022
Reviewed
Apr 29, 2024
Last updated
Apr 29, 2024
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
References