Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1152-1 | New trac packages fix information disclosure |
![]() |
EUVD-2006-0004 | Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. |
![]() |
GHSA-r524-c2gf-5chr | Trac reStructuredText breach of privacy and denial of service vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-07T18:39:53.571Z
Reserved: 2006-07-18T00:00:00
Link: CVE-2006-3695

No data.

Status : Deferred
Published: 2006-07-21T14:03:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2006-3695

No data.

No data.