{"id":"PYSEC-2021-117","details":"This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output.","aliases":["CVE-2021-23423","GHSA-hf6p-4rv2-9qrp","SNYK-PYTHON-BIKESHED-1537647"],"modified":"2023-11-08T04:05:08.804375Z","published":"2021-08-16T08:15:00Z","references":[{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537647"},{"type":"FIX","url":"https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hf6p-4rv2-9qrp"}],"affected":[{"package":{"name":"bikeshed","ecosystem":"PyPI","purl":"pkg:pypi/bikeshed"},"ranges":[{"type":"GIT","repo":"https://github.com/tabatkins/bikeshed","events":[{"introduced":"0"},{"fixed":"b2f668fca204260b1cad28d5078e93471cb6b2dd"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.0"}]}],"versions":["1.0.0","1.0.1","1.0.10","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.2.0","1.2.1","1.2.2","1.3.0","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.2","1.5.3","1.6.0","1.6.1","1.6.2","1.6.3","1.7.0","2.0.0","2.1.0","2.2.0","2.2.1","2.2.2","2.2.3","2.3.0","2.3.1","2.4.0","2.4.1","2.4.2","2.4.3","2.4.4","2.4.5","2.4.6","2.4.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/bikeshed/PYSEC-2021-117.yaml"}}],"schema_version":"1.7.3"}