Access Restriction Bypass Affecting docassemble package, versions [,1.2.65)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Access Restriction Bypass vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PYTHON-DOCASSEMBLE-1290392
  • published7 May 2021
  • disclosed6 May 2021
  • creditUnknown

Introduced: 6 May 2021

CVE NOT AVAILABLE CWE-284  (opens in a new tab)

How to fix?

Upgrade docassemble to version 1.2.65 or higher.

Overview

docassemble is an A free, open-source expert system for guided interviews and document assembly, based on Python, YAML, and Markdown.

Affected versions of this package are vulnerable to Access Restriction Bypass. This allows attackers to gain unauthorized access to information on the system through URL manipulation.

References

CVSS Scores

version 3.1