jensengroup / propka

PROPKA predicts the pKa values of ionizable groups in proteins and protein-ligand complexes based on the 3D structure.
http://propka.org
GNU Lesser General Public License v2.1

replace/update readthedocs-sphinx-search Sphinx extension #184

Closed orbeckst closed 7 months ago

orbeckst commented 7 months ago

Notification from RTD regarding a security vulnerability in the readthedocs-sphinx-search Sphinx extension.


Recently, we identified a security vulnerability in our readthedocs-sphinx-search Sphinx extension. We have detected that you have used this extension in your builds in the last six months, in the following projects:

This vulnerability could allow an attacker to inject arbitrary HTML content when including search results from a malicious project, using the project:<malicious-project> search filter in a malicious link like https://docs.example.com/en/latest/?rtd_search=project:<malicious-project> query, for instance.

If you no longer use this extension, feel free to disregard this message. Otherwise, we strongly recommend updating to the latest version (0.3.2) as soon as possible.

Alternatively, you can try our new search integration from our addons project, which will replace the Sphinx extension in the future. You can enable it from our beta dashboard at https://beta.readthedocs.org/, by navigating to your project's Settings page, and clicking on the Addons tab.

Documentation sites from Read the Docs Community (*.readthedocs.io and custom domains) don't use session cookies, so what an attacker could do is very limited. You can find more information about this vulnerability in our security advisory.

orbeckst commented 7 months ago

I don't really know where this extension is used in propka and what the impact on propka is so right now I'd be happy for anyone knowledgeable to take this one on.
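A defender-side check added here, not code from the propka project or from Read the Docs, that answers the two questions above: whether a docs build actually enables the extension, and whether its pinned version is below 0.3.2, the patched release named in the notification. It assumes the extension's conf.py module name `sphinx_search.extension` and PyPI name `readthedocs-sphinx-search`; the conf.py and requirements samples are constructed, not propka's real files.

```python
import ast
import re

# The patched release named in the RTD notification above.
PATCHED_VERSION = (0, 3, 2)
# Module the extension registers in conf.py and its PyPI name; both are
# assumed here from the extension's own docs, not taken from this issue.
EXTENSION_MODULE = "sphinx_search.extension"
DIST_NAME = "readthedocs-sphinx-search"


def enabled_extensions(conf_py_source):
    """Read the `extensions` list from conf.py via the AST, so that a
    commented-out entry is not mistaken for an enabled one."""
    for node in ast.walk(ast.parse(conf_py_source)):
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "extensions" for t in node.targets
        ):
            try:
                return list(ast.literal_eval(node.value))
            except ValueError:  # list built dynamically; fall back to text search
                break
    return [EXTENSION_MODULE] if EXTENSION_MODULE in conf_py_source else []


def pinned_version(requirements_text):
    """Return the '==' pin for the extension as an int tuple, or None."""
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)", line)
        if m and m.group(1).lower().replace("_", "-") == DIST_NAME:
            return tuple(int(p) for p in re.findall(r"\d+", m.group(2))[:3])
    return None


def audit(conf_py_source, requirements_text):
    """Classify a docs build: 'not-used', 'unpinned', 'vulnerable' or 'ok'."""
    if EXTENSION_MODULE not in enabled_extensions(conf_py_source):
        return "not-used"
    version = pinned_version(requirements_text)
    if version is None:
        return "unpinned"  # resolver may pick any release; pin it explicitly
    return "vulnerable" if version < PATCHED_VERSION else "ok"


# Constructed sample inputs (not propka's real files).
SAMPLE_CONF = 'extensions = ["sphinx.ext.autodoc", "sphinx_search.extension"]\n'
SAMPLE_REQS = "sphinx==7.2.6\nreadthedocs-sphinx-search==0.3.1  # pre-fix\n"

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_REQS))  # vulnerable
```

Run it against the docs/conf.py and docs requirements file of the project; an "unpinned" result means the build takes whatever version the resolver picks, so the pin should be added rather than assumed.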

sobolevnrm commented 7 months ago

I'll take care of it. Thanks!