Homepage

pretalx@0.7.1 vulnerabilities

Conference organisation: CfPs, scheduling, much more

  • latest version

    2025.1.0

  • latest non vulnerable version

    2025.1.0

  • first published

    7 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View pretalx package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the pretalx package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Directory Traversal

    pretalx is a Conference organisation: CfPs, scheduling, much more

    Affected versions of this package are vulnerable to Directory Traversal in HTML export (a non-default feature). Users are able to upload crafted HTML documents that trigger the reading of arbitrary files.

    How to fix Directory Traversal?

    Upgrade pretalx to version 2.3.2 or higher.

    [,2.3.2)
    • H
    Directory Traversal

    pretalx is a Conference organisation: CfPs, scheduling, much more

    Affected versions of this package are vulnerable to Directory Traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.

    How to fix Directory Traversal?

    Upgrade pretalx to version 2.3.2 or higher.

    [,2.3.2)
    Go back to all versions of this package