CVE-2009-4405 trac

Package

Manager: pip
Name: trac
Vulnerable Version: >=0 <0.11.6

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00572 (percentile 0.67715)

Details

Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils.

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."

Metadata

Created: 2022-05-02T03:54:25Z
Modified: 2024-11-18T21:06:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9qv-j5g6-g5cr/GHSA-f9qv-j5g6-g5cr.json
CWE IDs: []
Alternative ID: GHSA-f9qv-j5g6-g5cr
Finding: F039
Auto approve: 1