CVE-2016-3952

Name of the Vulnerable Software and Affected Versions web2py versions prior to 2.14.1

Description The issue allows remote attackers to obtain environment variable values by making a direct request to "examples/template examples/beautify". This can potentially be leveraged to gain administrative access.

Recommendations For versions prior to 2.14.1, update to version 2.14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "examples/template examples/beautify" endpoint until the update is applied.