Deserialization of Untrusted Data in Tendenci
High severity
GitHub Reviewed
Published
Jun 18, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Jun 21, 2020
Reviewed
May 11, 2021
Published to the GitHub Advisory Database
Jun 18, 2021
Last updated
Feb 1, 2023
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.
References