Theologeek - Manuskript CVE

Filtered by vendor Theologeek Subscribe

Filtered by product Manuskript

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-35196	1 Theologeek	1 Manuskript	2021-06-25	6.8 MEDIUM	7.8 HIGH
DISPUTED Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file.

Vulnerabilities (CVE)