Security vulnerabilities and automated fixes for sphinx issues
1 post found
A critical shell injection vulnerability was discovered and fixed in a Sphinx documentation extension (gmtplot.py), where subprocess calls using shell=True allowed arbitrary command execution through crafted filenames in RST documentation files. This fix demonstrates how even documentation tooling can become an attack vector when user-controlled input reaches shell interpreters without sanitization. Understanding and remediating this class of vulnerability is essential for any project that proce