{"id":"PYSEC-2009-5","details":"schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.","aliases":["CVE-2008-6547","GHSA-9jp4-68vc-r8wq"],"modified":"2026-06-10T17:01:17.605181809Z","published":"2009-03-30T01:30:00Z","references":[{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/31163"},{"type":"WEB","url":"http://sourceforge.net/tracker/download.php?group_id=91231&atid=596416&file_id=271779&aid=1925164"},{"type":"WEB","url":"http://osvdb.org/47082"},{"type":"WEB","url":"http://sourceforge.net/tracker/index.php?func=detail&aid=1925164&group_id=91231&atid=596416"},{"type":"ADVISORY","url":"http://secunia.com/advisories/31081"},{"type":"WEB","url":"http://www.securityfocus.com/bid/30282"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43878"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9jp4-68vc-r8wq"}],"affected":[{"package":{"name":"formencode","ecosystem":"PyPI","purl":"pkg:pypi/formencode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1"}]}],"versions":["0.2","0.2.1","0.2.2","0.3","0.4","0.5","0.5.1","0.6","0.7","0.7.1","0.9","1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/formencode/PYSEC-2009-5.yaml"}}],"schema_version":"1.7.5"}