{"id":"CVE-2015-0846","details":"django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.","aliases":["GHSA-wxmr-7xjv-8xqw","PYSEC-2015-12"],"modified":"2026-01-27T04:13:44.463195Z","published":"2015-04-24T14:59:07Z","withdrawn":"2026-01-27T04:13:44.463195Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2015/dsa-3230"},{"type":"WEB","url":"https://github.com/jamesturk/django-markupfield/blob/master/CHANGELOG"}],"schema_version":"1.7.3"}