#23601 closed Uncategorized (fixed)
Possible side-imports through admindocs
Reported by: | Markus Holtermann | Owned by: | Markus Holtermann |
---|---|---|---|
Component: | contrib.admindocs | Version: | dev |
Severity: | Normal | Keywords: | security |
Cc: | Markus Holtermann | Triage Stage: | Unreviewed |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The ViewDetailView
from django.contrib.admindocs
allows arbitrary imports via user input. However, due to required permissions to open that page this threat is not that high.
Change History (4)
comment:1 Changed 9 years ago by
Has patch: | set |
---|---|
Status: | new → assigned |
comment:2 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
Pull-request: https://github.com/django/django/pull/3305