pysec-2020-112
Vulnerability from pysec
Published
2020-06-21 15:15
Modified
2020-06-26 19:34
Details
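Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. The affected range recorded below starts at the first release and ends at the fix in 12.0.11, so the record treats every listed version up to 12.0.10 as affected, not only 12.0.10.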
Impacted products
| Name | purl |
|---|---|
| tendenci | pkg:pypi/tendenci |
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tendenci",
"purl": "pkg:pypi/tendenci"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.0.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.0",
"5.1.1",
"5.1.2",
"5.1.3",
"5.1.4",
"5.1.5",
"5.1.6",
"5.1.7",
"5.1.8",
"5.1.9",
"5.1.10",
"5.1.11",
"5.1.12",
"5.1.14",
"5.1.15",
"5.1.16",
"5.1.18",
"5.1.19",
"5.1.21",
"5.1.22",
"5.1.23",
"5.1.24",
"5.1.25",
"5.1.26",
"5.1.27",
"5.1.28",
"5.1.29",
"5.1.30",
"5.1.31",
"5.1.32",
"5.1.33",
"5.1.34",
"5.1.35",
"5.1.36",
"5.1.37",
"5.1.38",
"5.1.39",
"5.1.40",
"5.1.41",
"5.1.42",
"5.1.43",
"5.1.45",
"5.1.46",
"5.1.47",
"5.1.48",
"5.1.49",
"5.1.50",
"5.1.51",
"5.1.52",
"5.1.53",
"5.1.54",
"5.1.55",
"5.1.56",
"5.1.57",
"5.1.58",
"5.1.59",
"5.1.60",
"5.1.61",
"5.1.62",
"5.1.63",
"5.1.64",
"5.1.65",
"5.1.66",
"5.1.67",
"5.1.68",
"5.1.69",
"5.1.70",
"5.1.71",
"5.1.72",
"5.1.73",
"5.1.74",
"5.1.75",
"5.1.76",
"5.1.77",
"5.1.78",
"5.1.79",
"5.1.80",
"5.1.81",
"5.1.83",
"5.1.84",
"5.1.85",
"5.1.86",
"5.1.87",
"5.1.88",
"5.1.89",
"5.1.90",
"5.1.91",
"5.1.92",
"5.1.93",
"5.1.94",
"5.1.95",
"5.1.96",
"5.1.97",
"5.1.98",
"5.1.99",
"5.1.100",
"5.1.101",
"5.1.102",
"5.1.103",
"5.1.104",
"5.1.105",
"5.1.106",
"5.1.107",
"5.1.108",
"5.1.109",
"5.1.110",
"5.1.111",
"5.1.112",
"5.1.113",
"5.1.114",
"5.1.115",
"5.1.116",
"5.1.117",
"5.1.118",
"5.1.119",
"5.1.120",
"5.1.121",
"5.1.122",
"5.1.123",
"5.1.124",
"5.1.125",
"5.1.126",
"5.1.127",
"5.1.128",
"5.1.129",
"5.1.130",
"5.1.131",
"5.1.132",
"5.1.133",
"5.1.134",
"5.1.135",
"5.1.136",
"5.1.137",
"5.1.138",
"5.1.139",
"5.1.141",
"5.1.142",
"5.1.143",
"5.1.145",
"5.1.146",
"5.1.147",
"5.1.148",
"5.1.149",
"5.1.150",
"5.1.151",
"5.1.154",
"5.1.155",
"5.1.156",
"5.1.157",
"5.1.158",
"5.1.159",
"5.1.160",
"5.1.161",
"5.1.162",
"5.1.163",
"5.1.164",
"5.1.165",
"5.1.166",
"5.1.168",
"5.1.169",
"5.1.170",
"5.1.171",
"5.1.172",
"5.1.173",
"5.1.174",
"5.1.175",
"5.1.177",
"5.1.178",
"5.1.179",
"5.1.180",
"5.1.181",
"5.1.182",
"5.1.183",
"5.1.184",
"5.1.185",
"5.1.186",
"5.1.187",
"5.1.188",
"5.1.189",
"5.1.190",
"5.1.191",
"5.1.192",
"5.1.193",
"5.1.194",
"5.1.195",
"5.1.196",
"5.1.197",
"5.1.198",
"5.1.199",
"5.1.200",
"5.1.201",
"5.1.202",
"5.1.203",
"5.1.204",
"5.1.205",
"5.1.206",
"5.1.207",
"5.1.208",
"5.1.209",
"5.1.210",
"5.1.211",
"5.1.212",
"5.1.214",
"5.1.215",
"5.1.216",
"5.1.217",
"5.1.218",
"5.1.219",
"5.1.220",
"5.1.221",
"5.1.223",
"5.1.224",
"5.1.225",
"5.1.226",
"5.1.227",
"5.1.228",
"5.1.229",
"5.1.230",
"5.1.231",
"5.1.233",
"5.1.234",
"5.1.235",
"5.1.236",
"5.1.237",
"5.1.238",
"5.1.239",
"5.1.240",
"5.1.241",
"5.1.242",
"5.1.243",
"5.1.244",
"5.1.245",
"5.1.246",
"5.1.247",
"5.1.248",
"5.1.249",
"5.1.250",
"5.1.251",
"5.1.252",
"5.1.253",
"5.1.254",
"5.1.255",
"5.1.256",
"5.1.257",
"5.1.258",
"5.1.259",
"5.1.260",
"5.1.261",
"5.1.262",
"5.1.263",
"5.1.264",
"5.1.265",
"5.1.266",
"5.1.267",
"5.1.268",
"5.1.269",
"5.1.270",
"5.1.271",
"5.1.272",
"5.1.273",
"5.1.274",
"5.1.275",
"5.1.276",
"5.1.277",
"5.1.278",
"5.1.279",
"5.1.280",
"5.1.281",
"5.1.282",
"5.1.283",
"5.1.284",
"5.1.285",
"5.1.286",
"5.1.287",
"5.1.288",
"5.1.289",
"5.1.290",
"5.1.291",
"5.1.292",
"5.1.293",
"5.1.294",
"5.1.295",
"5.1.296",
"5.1.297",
"5.1.298",
"5.1.299",
"5.1.300",
"5.1.302",
"5.1.303",
"5.1.304",
"5.1.305",
"5.1.306",
"5.1.307",
"5.1.308",
"5.1.309",
"5.1.310",
"5.1.311",
"5.1.312",
"5.1.313",
"5.1.314",
"5.1.315",
"5.1.316",
"5.1.317",
"5.1.318",
"5.1.319",
"5.1.320",
"5.1.321",
"5.1.322",
"5.1.323",
"5.1.324",
"5.1.325",
"5.1.326",
"5.1.327",
"5.1.328",
"5.1.329",
"5.1.330",
"5.1.331",
"5.1.332",
"5.1.333",
"5.1.334",
"5.1.336",
"5.1.337",
"5.1.338",
"5.1.339",
"5.1.340",
"5.1.341",
"5.1.342",
"5.1.343",
"5.1.344",
"5.1.345",
"5.1.346",
"5.1.347",
"5.1.349",
"5.1.350",
"5.1.351",
"5.1.352",
"5.1.353",
"5.1.354",
"5.1.355",
"5.1.356",
"5.1.357",
"5.1.358",
"5.1.359",
"5.1.360",
"5.1.361",
"5.1.362",
"5.1.363",
"5.1.364",
"5.1.365",
"5.1.366",
"5.1.367",
"5.1.368",
"5.1.369",
"5.1.370",
"5.1.371",
"5.1.372",
"5.1.373",
"5.1.374",
"5.1.375",
"5.1.376",
"5.1.377",
"5.1.378",
"5.1.379",
"5.1.380",
"5.1.381",
"5.1.382",
"5.1.383",
"5.1.384",
"5.1.385",
"5.1.386",
"5.1.387",
"5.1.388",
"5.1.389",
"5.1.390",
"5.1.391",
"5.1.392",
"5.1.393",
"5.1.394",
"5.1.395",
"5.1.396",
"5.1.397",
"5.1.398",
"5.1.399",
"5.1.400",
"5.1.401",
"5.1.402",
"5.1.403",
"5.1.404",
"5.1.405",
"5.1.406",
"5.1.407",
"5.1.408",
"5.1.409",
"5.1.410",
"5.1.411",
"5.1.412",
"5.1.413",
"5.1.414",
"5.1.415",
"5.1.416",
"5.1.417",
"5.1.418",
"5.1.419",
"5.1.420",
"5.1.421",
"5.1.422",
"5.1.423",
"5.1.424",
"5.1.425",
"5.1.426",
"5.1.427",
"5.1.428",
"5.1.429",
"5.1.430",
"5.1.431",
"5.1.432",
"5.1.433",
"5.1.434",
"5.1.435",
"5.1.436",
"5.1.437",
"5.1.438",
"5.1.439",
"5.1.440",
"5.1.441",
"5.1.442",
"5.1.443",
"5.1.444",
"5.1.445",
"5.1.446",
"5.1.447",
"5.1.448",
"5.1.449",
"5.1.450",
"5.1.451",
"5.1.453",
"5.1.454",
"5.1.455",
"5.1.456",
"5.1.457",
"5.1.458",
"5.1.459",
"5.1.460",
"5.1.461",
"5.1.462",
"5.1.463",
"5.1.464",
"5.1.465",
"5.1.466",
"5.1.467",
"5.1.468",
"5.1.469",
"5.1.470",
"5.1.471",
"5.1.472",
"5.1.473",
"5.1.474",
"5.1.475",
"5.1.476",
"5.1.477",
"5.1.478",
"5.1.479",
"5.1.480",
"5.1.481",
"5.1.482",
"5.1.483",
"5.1.484",
"5.1.485",
"5.1.486",
"5.1.487",
"5.1.488",
"5.1.489",
"5.1.490",
"5.1.491",
"5.1.492",
"5.1.493",
"5.1.494",
"5.1.495",
"5.1.496",
"5.1.497",
"5.1.498",
"5.1.499",
"5.1.501",
"5.2.0",
"5.2.1",
"5.2.2",
"5.2.3",
"5.2.4",
"7.1.27",
"7.1.29",
"7.1.30",
"7.1.31",
"7.1.32",
"7.1.33",
"7.1.34",
"7.1.35",
"7.1.36",
"7.1.37",
"7.1.38",
"7.1.381",
"7.1.382",
"7.1.383",
"7.1.384",
"7.1.385",
"7.1.386",
"7.1.387",
"7.1.388",
"7.1.389",
"7.1.390",
"7.1.391",
"7.1.392",
"7.1.393",
"7.1.394",
"7.1.395",
"7.1.396",
"7.1.397",
"7.1.398",
"7.1.399",
"7.2.0",
"7.2.1",
"7.2.2",
"7.2.3",
"7.2.4",
"7.2.5",
"7.2.6",
"7.2.7",
"7.2.8",
"7.2.9",
"7.2.10",
"7.2.11",
"7.2.12",
"7.2.13",
"7.2.14",
"7.2.15",
"7.2.16",
"7.2.17",
"7.2.18",
"7.2.19",
"7.2.20",
"7.2.21",
"7.2.22",
"7.2.23",
"7.2.24",
"7.2.25",
"7.2.26",
"7.2.27",
"7.2.28",
"7.2.29",
"7.2.30",
"7.2.31",
"7.2.32",
"7.2.33",
"7.2.34",
"7.2.35",
"7.2.36",
"7.2.37",
"7.2.38",
"7.2.39",
"7.2.40",
"7.2.41",
"7.2.42",
"7.2.43",
"7.2.44",
"7.2.45",
"7.2.46",
"7.2.47",
"7.2.48",
"7.2.49",
"7.2.50",
"7.2.51",
"7.2.52",
"7.2.53",
"7.2.54",
"7.2.55",
"7.2.56",
"7.2.57",
"7.2.58",
"7.2.59",
"7.2.60",
"7.2.61",
"7.2.62",
"7.2.63",
"7.2.64",
"7.2.65",
"7.2.66",
"7.2.67",
"7.2.68",
"7.2.69",
"7.2.70",
"7.2.71",
"7.2.72",
"7.2.73",
"7.2.74",
"7.2.75",
"7.2.76",
"7.2.77",
"7.2.78",
"7.2.79",
"7.2.80",
"7.2.81",
"7.3.0",
"7.3.1",
"7.3.2",
"7.3.3",
"7.3.4",
"7.3.5",
"7.3.6",
"7.3.7",
"7.3.8",
"7.3.9",
"7.3.10",
"7.3.11",
"7.3.12",
"7.3.13",
"7.4.0",
"7.4.1",
"7.4.2",
"7.4.3",
"7.4.4",
"7.5.0",
"7.5.1",
"7.5.2",
"11.0",
"11.0.1",
"11.0.2",
"11.0.3",
"11.0.4",
"11.0.5",
"11.0.6",
"11.0.7",
"11.0.8",
"11.1",
"11.1.1",
"11.1.2",
"11.2",
"11.2.1",
"11.2.2",
"11.2.3",
"11.2.4",
"11.2.5",
"11.2.6",
"11.2.7",
"11.2.8",
"11.2.9",
"11.2.10",
"11.2.11",
"11.2.12",
"11.3",
"11.3.1",
"11.4",
"11.4.1",
"11.4.2",
"11.4.3",
"11.4.4",
"11.4.5",
"11.4.6",
"11.4.7",
"11.4.8",
"11.4.9",
"11.4.10",
"12.0",
"12.0.1",
"12.0.2",
"12.0.3",
"12.0.4",
"12.0.5",
"12.0.6",
"12.0.7",
"12.0.8",
"12.0.9",
"12.0.10"
]
}
],
"aliases": [
"CVE-2020-14942",
"GHSA-jqmc-fxxp-r589"
],
"details": "Tendenci 12.0.10 allows unrestricted deserialization in apps\\helpdesk\\views\\staff.py.",
"id": "PYSEC-2020-112",
"modified": "2020-06-26T19:34:00Z",
"published": "2020-06-21T15:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://github.com/tendenci/tendenci/issues/867"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jqmc-fxxp-r589"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.