PT-2019-20011 · Indico · Indico

Published 2019-10-11 · Updated 2019-10-11

None

No severity ratings or metrics are available. When they are, we will update the corresponding information on the page.
Name of the Vulnerable Software and Affected Versions

Indico versions prior to 2.2.3
Indico versions prior to 2.1.10

Description

A vulnerability in Indico's LaTeX sanitization code allows malicious users to run unsafe LaTeX commands on the server, potentially leading to local file disclosure. For example, an attacker could read local files such as indico.conf. However, it is not possible to write files or execute code using this vulnerability.

Recommendations

For Indico versions prior to 2.2.3, update to Indico 2.2.3 as soon as possible. For Indico versions prior to 2.1.10, update to Indico 2.1.10 if updating to 2.2 is not feasible. As a temporary workaround, setting XELATEX_PATH = None in indico.conf will prevent the vulnerability from being abused, but this will result in an error when building a PDF.

Command Injection


Weakness Enumeration

Related Identifiers

GHSA-67CX-RHHQ-MFHQ

Affected Products

Indico