Lucene search
K

91 matches found

OSV
OSV
added 2022/05/17 12:48 a.m.3 views

GHSA-Q5QW-4364-5HHM Django Vulnerable to HTTP Response Splitting Attack

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...

8.7CVSS7.2AI score0.03665EPSS
Exploits0References18
Veracode
Veracode
added 2021/10/11 7:27 a.m.3 views

Regular Expression Denial Of Service (ReDoS)

devextreme is vulnerable to regular expression denial of service. The vulnerability exists in validationengine.js because Incorrect sanitations in email validator allows an attacker to use malicious inputs resulting in denial of service conditions...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/06/22 3:18 p.m.65 views

PHPMailer untrusted code may be run from an overridden address validator

If a function is defined that has the same name as the default built-in email address validation scheme php, it will be called in default configuration as when no validation scheme is provided, the default scheme's callable php was being called. If an attacker is able to inject such a function in...

8.1CVSS7.9AI score0.0226EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2021/04/23 12:0 a.m.7 views

Vaadin vaadin-server 资源管理错误漏洞

vaadin-server is a Vaadin open source application . A platform for rapid development of Web applications on the Java backend . vaadin: A resource management error vulnerability exists in the EmailValidator class in vaadin-server versions 7.0.0 through 7.7.21, which can be exploited by an attacker...

7.5CVSS5.7AI score0.01956EPSS
Exploits1References4
OSV
OSV
added 2018/05/31 8:29 p.m.5 views

CVE-2016-10521

jshamcrest is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in to the emailAddress validator...

7.5CVSS5.8AI score0.01093EPSS
Exploits0References1
CVE
CVE
added 2018/05/31 8:0 p.m.52 views

CVE-2016-10521

The CVE-2016-10521 issue affects the jshamcrest library, specifically the emailAddress validator. The underlying vulnerability is a regular expression denial of service (ReDoS) caused by certain user inputs, with PoC details showing heavy input can block the event loop. Documented impact indicate...

7.5CVSS7.4AI score0.01093EPSS
Exploits0References1Affected Software1
n0where
n0where
added 2018/01/09 5:6 a.m.165 views

Web Reconnaissance Framework: Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...

7.7AI score
Exploits0References6
OSV
OSV
added 2015/07/14 5:59 p.m.2 views

DEBIAN-CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...

4.3CVSS7.1AI score0.03665EPSS
Exploits0References1
OSV
OSV
added 2015/07/14 5:59 p.m.4 views

PYSEC-2015-10

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...

4.3CVSS7.2AI score0.03665EPSS
Exploits0References11
PyPA
PyPA
added 2015/07/14 5:59 p.m.8 views

PYSEC-2015-10

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...

4.3CVSS7.1AI score0.03665EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2015/07/08 12:0 a.m.6 views

UBUNTU-CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...

4.3CVSS7.3AI score0.03665EPSS
Exploits0References4
Rows per page
Query Builder