1
Candidate: CVE-2016-3952
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3952
5
https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/
6
https://github.com/web2py/web2py/commit/9706d125b42481178d2b423de245f5d2faadbf40
8
web2py before 2.14.1, when using the standalone version, allows remote
9
attackers to obtain environment variable values via a direct request to
10
examples/template_examples/beautify. NOTE: this issue can be leveraged by
11
remote attackers to gain administrative access.
21
upstream_web2py: needs-triage
22
precise/esm_web2py: DNE
23
trusty_web2py: needs-triage
24
xenial_web2py: needs-triage
25
artful_web2py: needs-triage