Debian Security Advisory
DLA-206-1 python-django-markupfield -- LTS security update
- Date Reported: 20 Apr 2015
- Affected Packages: python-django-markupfield
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2015-0846.
- More information:
James P. Turk discovered that the ReST renderer in django-markupfield, a custom Django field for easy use of markup in text fields, didn't disable the raw directive (.. raw::), allowing remote attackers to include arbitrary files.
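One way to render untrusted ReST with the raw directive switched off, and to check that the setting holds. This is an added example, not part of the advisory and not django-markupfield's own code. It assumes docutils is installed; the names HARDENED, MARKER, render, render_untrusted and regression_check are hypothetical.

```python
import os
import tempfile

from docutils.core import publish_parts

# docutils settings that close the file-reading paths: raw_enabled governs the
# raw directive; file_insertion_enabled governs include and :file:/:url: options.
HARDENED = {
    "raw_enabled": False,
    "file_insertion_enabled": False,
    "report_level": 5,  # keep the "directive disabled" warning out of the HTML
}
MARKER = "CONSTRUCTED-MARKER-0846"  # constructed sample value


def render(text, overrides):
    """Render ReST to an HTML fragment with the given docutils settings."""
    parts = publish_parts(source=text, writer_name="html",
                          settings_overrides=overrides)
    return parts["fragment"]


def render_untrusted(text, site_settings=None):
    """Hypothetical wrapper: hardened keys are applied last so that
    site-level settings cannot switch the directives back on."""
    settings = dict(site_settings or {})
    settings.update(HARDENED)
    return render(text, settings)


def regression_check():
    """Return (leaks_with_defaults, leaks_when_hardened) for a constructed
    document whose raw directive points at a temp file created here."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(MARKER)
        path = fh.name
    try:
        doc = "Comment text\n\n.. raw:: html\n   :file: %s\n" % path
        with_defaults = MARKER in render(doc, {"report_level": 5})
        hardened = MARKER in render_untrusted(doc)
        return with_defaults, hardened
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(regression_check())
```

Keeping a check like regression_check in the test suite of any application that renders user-supplied ReST catches a later settings change that re-enables the directive.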