Information Exposure Affecting trac package, versions [,0.11)
Threat Intelligence
EPSS
3.71% (93rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-TRAC-6730109
- published 30 Apr 2024
- disclosed 1 May 2022
- credit Unknown
Introduced: 1 May 2022
CVE-2006-3695 Open this link in a new tabHow to fix?
Upgrade Trac
to version 0.11 or higher.
Overview
Trac is an Integrated SCM, wiki, issue tracker and project environment
Affected versions of this package are vulnerable to Information Exposure due to the improper disabling of the raw
and include
commands in the reStructuredText functionality from docutils. An attacker can read arbitrary files, perform cross-site scripting attacks, or cause a denial of service through unspecified vectors.
References
CVSS Scores
version 3.1