#23601 closed Uncategorized (fixed)
Possible side-imports through admindocs
| Reported by: | Markus Holtermann | Owned by: | Markus Holtermann |
|---|---|---|---|
| Component: | contrib.admindocs | Version: | dev |
| Severity: | Normal | Keywords: | security |
| Cc: | Markus Holtermann | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The ViewDetailView from django.contrib.admindocs allows arbitrary imports via user input. However, due to required permissions to open that page this threat is not that high.
Change History (4)
comment:1 by , 10 years ago
| Has patch: | set |
|---|---|
| Status: | new → assigned |
comment:2 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Pull-request: https://github.com/django/django/pull/3305