Impact
This vulnerability could potentially allow a malicious user to write to any files that our application has write access to.
Exploiting this vulnerability requires creating symlinks that point to files outside a project root.
The contents that can be written aren't fully controlled by the attacker, so the impact of this attack is limited.
Users of https://readthedocs.org/ and https://readthedocs.com/ do not need to take any further action. We have taken measures to ensure that the security issue is now fully fixed.
This issue was discovered by a member of our team, and we have seen no signs of intrusion in our systems, or that this vulnerability was exploited.
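The symlink condition described above can be checked defensively. The following is an added example, not Read the Docs' patch or code: it lists symlinks that resolve outside a project root and refuses writes that would pass through them. The function names and the sample tree are hypothetical, and a POSIX system is assumed.

```python
import os
import tempfile


def find_escaping_symlinks(project_root):
    """Return symlinks under project_root whose targets resolve outside it."""
    root = os.path.realpath(project_root)
    escaping = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            real = os.path.realpath(path)
            if os.path.islink(path) and os.path.commonpath([root, real]) != root:
                escaping.append(os.path.relpath(path, root))
    return sorted(escaping)


def safe_write(project_root, relative_path, data):
    """Write data below project_root, refusing paths that leave it via a symlink."""
    root = os.path.realpath(project_root)
    target = os.path.realpath(os.path.join(root, relative_path))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{relative_path!r} resolves outside the project root")
    # O_NOFOLLOW (POSIX) rejects a symlink swapped in as the final component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    with os.fdopen(os.open(target, flags, 0o644), "wb") as handle:
        handle.write(data)


def demo():
    """Constructed checkout: one symlink escapes the root, one stays inside."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        root = os.path.join(tmp, "project")
        os.makedirs(os.path.join(root, "docs"))
        outside = os.path.join(tmp, "outside.txt")
        with open(outside, "w") as handle:
            handle.write("original")
        os.symlink(outside, os.path.join(root, "docs", "index.html"))
        os.symlink("docs", os.path.join(root, "alias"))  # target stays inside
        found = find_escaping_symlinks(root)
        try:
            safe_write(root, "docs/index.html", b"generated")
            blocked = False
        except PermissionError:
            blocked = True
        safe_write(root, "alias/ok.html", b"generated")
        with open(outside) as handle:
            return found, blocked, handle.read()
```

The resolve-then-open sequence still leaves a race on intermediate directories; running the writer with access to nothing outside the project root remains the stronger control.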
Custom installations
We don't officially support custom installations of Read the Docs, but if you are using a custom installation, we recommend that you upgrade.
Patches
This issue has been patched in our 9.16.5 release.
References
For more information
If you have any questions or comments about this advisory: