PYSEC-2007-3

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/trac/PYSEC-2007-3.yaml

Aliases

CVE-2007-1406
GHSA-7jjr-3r8r-9pcf

Published

2007-03-10T22:19:00Z

Modified

2024-04-29T15:11:32.354468Z

Details

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

References

http://trac.edgewall.org/wiki/ChangeLog

Affected packages

PyPI / trac

Package

Name: trac

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.10.3.1

Affected versions

0.*

0.8.4

0.9

0.10