Vulnerability Details CVE-2021-35196
Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
Products affected by CVE-2021-35196
- cpe:2.3:a:theologeek:manuskript:-
- cpe:2.3:a:theologeek:manuskript:0.1.0
- cpe:2.3:a:theologeek:manuskript:0.1.1
- cpe:2.3:a:theologeek:manuskript:0.10.0
- cpe:2.3:a:theologeek:manuskript:0.11.0
- cpe:2.3:a:theologeek:manuskript:0.12.0
- cpe:2.3:a:theologeek:manuskript:0.2.0
- cpe:2.3:a:theologeek:manuskript:0.3.0
- cpe:2.3:a:theologeek:manuskript:0.4.0
- cpe:2.3:a:theologeek:manuskript:0.5.0
- cpe:2.3:a:theologeek:manuskript:0.6.0
- cpe:2.3:a:theologeek:manuskript:0.7.0
- cpe:2.3:a:theologeek:manuskript:0.8.0
- cpe:2.3:a:theologeek:manuskript:0.9.0