PT-2009-2017 · Python · Formencode

Petter Urkedal · Published 2009-03-30 · Updated 2022-05-17 · CVE-2008-6547

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

FormEncode for Python (python-formencode) version 1.0

Description

The issue allows attackers to bypass intended access restrictions via unknown vectors because the chained validators feature is not applied in schema.py.

Recommendations

For version 1.0, consider applying the chained validators feature to schema.py to prevent attackers from bypassing access restrictions. As a temporary workaround, review and manually enforce access restrictions to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-6547
GHSA-9JP4-68VC-R8WQ
PYSEC-2009-5

Affected Products

Formencode