Search for packages
| purl | pkg:pypi/docassemble@0.3.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zkc9-h3cp-5qfz
Aliases: GHSA-qrmm-w4v4-q7f8 GMS-2021-9 |
Unauthorized access through URL manipulation ### Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. ### Patches The vulnerability has been patched in version 1.2.65 of the `master` branch, version 1.1.113 of the 1.1.x series, and version 1.0.12 of the `stable` branch. The Docker image on docker.io has been patched. ### Workarounds If upgrading is not possible, manually apply the changes of https://github.com/jhpyle/docassemble/commit/e3dbf6ce054b3c0310996f0657289f5eed0a73fe and restart the server (e.g., by pressing Save on the Configuration screen). ### Credit The vulnerability was discovered by Jim Platania of Seiso LLC (@jimmio). ### For more information If you have any questions or comments about this advisory: * Open an issue in [docassemble](https://github.com/jhpyle/docassemble/issues) * Join the [Slack channel](https://join.slack.com/t/docassemble/shared_invite/zt-ohrn8y9z-_Fb3RAl~JPBU6Km7odBPfQ) * Email us at [jhpyle@gmail.com](mailto:jhpyle@gmail.com) |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T16:52:46.005480+00:00 | GitLab Importer | Affected by | VCID-zkc9-h3cp-5qfz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/docassemble/GMS-2021-9.yml | 38.6.0 |