Django django-markupfield package 'markup.py' Remote File Inclusion Vulnerability
Release date:
Updated on:
Affected Systems:
Django django-markupfield <1.3.2
Description:
Bugtraq id: 74233
CVE (CAN) ID: CVE-2015-0846
Django is an open-source web application framework written in the Python programming language.
django-markupfield versions earlier than 1.3.2 render reStructuredText with the default docutils settings (RESTRUCTUREDTEXT_FILTER_SETTINGS), which allows remote attackers to include and read arbitrary files.
<* Source: Markus Holtermann *>
Suggestion:
Vendor patch:
Django
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://github.com/jamesturk/django-markupfield/blob/master/CHANGELOG
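
An added example, not part of the original advisory or of django-markupfield's code: an audit helper that marks a deployment as exposed when the installed version is below 1.3.2 and its RESTRUCTUREDTEXT_FILTER_SETTINGS leaves docutils file access on. The function names are hypothetical and the sample versions and settings are constructed; it assumes the package passes RESTRUCTUREDTEXT_FILTER_SETTINGS to docutils as setting overrides, and relies on file_insertion_enabled and raw_enabled being docutils settings that are enabled by default.

```python
import re

FIXED = (1, 3, 2)  # first fixed release named in the advisory
# docutils settings that gate file access from reST input; docutils enables both by default.
FILE_ACCESS_SETTINGS = ("file_insertion_enabled", "raw_enabled")


def parse_version(text):
    """Return (major, minor, patch) from strings such as '1.3.1' or '1.3'."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def audit(version, filter_settings=None):
    """Assess one deployment (hypothetical helper).

    version: installed django-markupfield version string.
    filter_settings: the project's RESTRUCTUREDTEXT_FILTER_SETTINGS dict, or None if unset.
    """
    affected = parse_version(version) < FIXED
    overrides = filter_settings or {}
    # A key that is missing falls back to the docutils default, which is "enabled".
    still_open = [k for k in FILE_ACCESS_SETTINGS if overrides.get(k, True)]
    return {
        "affected_version": affected,
        "open_settings": still_open,
        "exposed": affected and bool(still_open),
    }


if __name__ == "__main__":
    # Constructed sample deployments: (version, RESTRUCTUREDTEXT_FILTER_SETTINGS)
    samples = [
        ("1.3.1", None),
        ("1.3.1", {"file_insertion_enabled": False}),
        ("1.3.1", {"file_insertion_enabled": False, "raw_enabled": False}),
        ("1.3.2", None),
    ]
    for version, cfg in samples:
        print(version, cfg, "->", audit(version, cfg))
```

A result with affected_version true and exposed false means the settings mitigate the issue for now; upgrading to 1.3.2 or later remains the fix the advisory names.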