9 matches found
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling
Summary A Server-Side Request Forgery SSRF vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially...
CVE-2023-29541
Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...
UBUNTU-CVE-2023-0700
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
CVE-2022-31739
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%...
PT-2022-20065 · Hashicorp +1 · Go-Getter +1
Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier HashiCorp go-getter versions 2.0.2 and earlier Description: The issue concerns the unsafe download handling in HashiCorp go-getter. Malicious HTTP responses can cause various misbehaviors,...
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580...
UBUNTU-CVE-2020-15658
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR 78.1, Firefox...
CVE-2018-4186
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation...
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
flashtool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands...