Lucene search
+L

198 matches found

osv
osv
added 2021/07/05 11:15 a.m.13 views

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS5.9AI score0.01113EPSS
Exploits1References3
attackerkb
attackerkb
added 2021/07/05 10:20 a.m.5 views

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS5.7AI score0.01113EPSS
Exploits1References4
cnnvd
cnnvd
added 2021/07/05 12:0 a.m.9 views

flask-user 输入验证错误漏洞

Flask-User is a software application. Customizable user authentication and user management, register, confirm, login, change username, password, forget password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass url authentication and redirect a user to an...

6.1CVSS5.8AI score0.01113EPSS
Exploits1References3
pypa
pypa
added 2021/06/11 12:15 a.m.8 views

PYSEC-2021-96

This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an...

5.8CVSS7AI score0.00716EPSS
Exploits0References3Affected Software1
snyk
snyk
added 2021/05/18 10:46 a.m.3 views

Open Redirect

Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Open Redirect. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing...

6.1CVSS6.9AI score0.00913EPSS
Exploits1References2
snyk
snyk
added 2021/05/15 11:6 p.m.4 views

Open Redirect

Overview Flask-Unchained is a The quickest and easiest way to build large web apps and APIs with Flask and SQLAlchemy Affected versions of this package are vulnerable to Open Redirect. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to ...

5.8CVSS6.9AI score0.00716EPSS
Exploits0References2
osv
osv
added 2021/04/29 9:15 p.m.8 views

ALPINE-CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...

8.8CVSS7.1AI score0.0124EPSS
Exploits0References1
redhatcve
redhatcve
added 2021/04/01 1:38 a.m.77 views

CVE-2020-28469

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...

7.5CVSS2.9AI score0.04456EPSS
Exploits1References4
hackerone
hackerone
added 2021/03/20 7:21 p.m.110 views

Ruby: Path traversal in Tempfile on windows OS due to unsanitized backslashes

Hi team, Summary We've noticed that both arguments basename and ext of Tempfile on Windows are vulnerable to a path traversal which could allow unintentional file creating in arbitrary writable directories. Tempfile often has a user control either by basename or ext or both. PoC irbmain:029:0...

5CVSS2.4AI score0.57133EPSS
Exploits1
osv
osv
added 2021/02/22 12:15 a.m.2 views

DEBIAN-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

5.3CVSS7AI score0.01964EPSS
Exploits1References1
osv
osv
added 2021/02/22 12:15 a.m.8 views

UBUNTU-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

5.3CVSS6.8AI score0.01964EPSS
Exploits1References6
cnnvd
cnnvd
added 2021/02/21 12:0 a.m.6 views

url-parse security vulnerability

Arnout Kazemier url-parse is an application by the individual developer Arnout Kazemiere Arnout Kazemier, USA. It provides url parsing. A security vulnerability exists in url-parse before version 1.5.0 that stems from incorrectly handling certain uses of backslashes, such as http: /, and...

5.3CVSS6.8AI score0.01964EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2021/02/21 12:0 a.m.5 views

PT-2021-17488 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.0 Description: The issue concerns the mishandling of certain uses of backslash in URLs, such as http:/, which are interpreted as relative paths instead of proper URLs. Recommendations: For versions prior to...

10CVSS6.3AI score0.03805EPSS
Exploits7References44
kitploit
kitploit
added 2020/09/05 9:30 p.m.58 views

Hardcodes - Find Hardcoded Strings From Source Code

hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it. Yes, it is designed to process any syntax and following languages are officially supported: ada,...

7.3AI score
Exploits0References1
redhat
redhat
added 2019/11/05 9:20 p.m.6 views

mod_auth_mellon: open redirect in logout url when using URLs with backslashes

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS5.8AI score0.02131EPSS
Exploits0References4
veracode
veracode
added 2019/05/16 3:38 a.m.26 views

Open Redirection

modauthmellon is vulnerable to open redirection vulnerability. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL...

6.1CVSS6.8AI score0.02131EPSS
Exploits0References12Affected Software3
amazon
amazon
added 2019/05/16 12:0 a.m.25 views

Important: mod_auth_mellon

Issue Overview: A vulnerability was found in a previous version of modauthmellon. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them ...

8.1CVSS7.1AI score0.02969EPSS
Exploits1
nessus
nessus
added 2019/05/07 12:0 a.m.32 views

Amazon Linux AMI : mod24_auth_mellon (ALAS-2019-1200)

A vulnerability was found in modauthmellon. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP non-browser based...

8.1CVSS6.7AI score0.02969EPSS
Exploits1References3
nessus
nessus
added 2019/05/01 12:0 a.m.28 views

EulerOS 2.0 SP2 : mod_auth_mellon (EulerOS-SA-2019-1319)

According to the versions of the modauthmellon package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - modauthmellon: authentication bypass in ECP flow CVE-2019-3878 - modauthmellon: open redirect in logout url when using URLs with backslash...

8.1CVSS6.9AI score0.02969EPSS
Exploits1References3
redhat
redhat
added 2019/04/16 2:49 p.m.5 views

mod_auth_mellon: open redirect in logout url when using URLs with backslashes

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS5.8AI score0.02131EPSS
Exploits0References4
Rows per page
Query Builder