Arbitrary File Read Affecting docutils package, versions [0.5, 0.6)


Severity

Recommended
0.0
critical
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.37% (59th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Arbitrary File Read vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PYTHON-DOCUTILS-560328
  • published15 Mar 2020
  • disclosed31 Oct 2019
  • creditUnknown

Introduced: 31 Oct 2019

CVE-2009-5042  (opens in a new tab)
CWE-94  (opens in a new tab)

How to fix?

Upgrade docutils to version 0.6 or higher.

Overview

docutils is a modular system for processing documentation into useful formats, such as HTML, XML, and LaTeX

Affected versions of this package are vulnerable to Arbitrary File Read. It allows an insecure usage of temporary files.

CVSS Base Scores

version 3.1