17 matches found
📄 Bloomberg Memray Cross Site Scripting
Bloomberg Memray prior to versions 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray’s Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...
Linux Distros Unpatched Vulnerability : CVE-2026-32722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports...
arlbench (=0.1.3), backend-ai-appproxy-coordinator (>=25.13.0 <=26.4.4rc3) +3 more potentially affected by CVE-2026-32722 via memray (>=1.12.0 <=1.17.2)
memray PYPI version =1.12.0, =25.13.0, =25.13.0, =26.2.0, =26.4.4rc3 - feluda-image-vec-rep-resnet =0.1.0 Source cves: CVE-2026-32722 Source advisory: SNYK:PYTHON-MEMRAY-15763582...
Cross-site Scripting (XSS)
Overview memray is an A memory profiler for Python applications Affected versions of this package are vulnerable to Cross-site Scripting XSS via the command-line metadata process. An attacker can execute arbitrary JavaScript code in the context of the generated HTML report by supplying specially...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
UBUNTU-CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
CVE-2026-32722 concerns Bloomberg’s Memray Python memory profiler prior to v1.19.2, where the command line of the tracked process was rendered directly into generated HTML reports without escaping. This allowed attacker-controlled command-line metadata to be inserted as raw HTML, enabling JavaScr...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
Memray 跨站脚本漏洞
Memray is a memory analysis tool open source by Bloomberg. Versions of Memray prior to 1.19.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML reports generated without escaping the command-line parameters of the tracking process. As a result, parameters...
Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...
arlbench (=0.1.3), backend-ai-appproxy-coordinator (>=25.13.0 <=26.4.4rc3) +3 more potentially affected by CVE-2026-32722 via memray (>=1.12.0 <=1.17.2)
memray PYPI version =1.12.0, =25.13.0, =25.13.0, =26.2.0, =26.4.4rc3 - feluda-image-vec-rep-resnet =0.1.0 Source cves: CVE-2026-32722 Source advisory: OSV:GHSA-R5PR-887V-M2W9...
GHSA-R5PR-887V-M2W9 Stored XSS in Memray-generated HTML reports via unescaped command-line metadata
Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...