PT-2021-12083 · Revel · Revel

Name of the Vulnerable Software and Affected Versions: revel versions prior to 1.0.0 Description: The issue is caused by unsanitized input in the query parser, allowing remote attackers to cause resource exhaustion via memory allocation. An attacker can manipulate the request query sent to an...

bottle HTTP Request smuggling

The package bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...

OESA-2021-1125 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVE-2021-28247

CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting XSS. The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the...

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2021:0947-1)

This update for python3 fixes the following issues : python36 was updated to 3.6.13 CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. Note that Tenable Network Security has extracted the precedin...

SUSE SLES12 Security Update : python3 (SUSE-SU-2021:0886-1)

This update for python3 fixes the following issues : CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. Note that Tenable Network Security has extracted the preceding description block directly fr...

SUSE-SU-2021:0886-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379...

GROWI Cross-Site Scripting Vulnerability (CNVD-2021-19695)

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...

CVE-2021-20672

Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI v4.2 Series versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors...

jenkins: Excessive memory allocation in graph URLs leads to denial of service

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

jenkins: Reflected XSS vulnerability in markup formatter preview

A flaw was found in jenkins. A cross-site scripting XSS vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...

jenkins: Excessive memory allocation in graph URLs leads to denial of service

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

USN-4742-1 python-django vulnerability

It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack...

Web Cache Poisoning

python-django is vulnerable to web cache poisoning. An attacker may separate query parameters using a semicolon ;, causing a difference in the interpretation of the request between the proxy running with default configuration and the server resulting in malicious requests being cached as complete...

CVE-2021-23336

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request...

CVE-2020-28476

A flaw was found in python-tornado. All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the...

CVE-2021-21607

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

Debian DLA-2531-1 : python-bottle security update

The package src:python-bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

DEBIAN-CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

Bottle Environmental Vulnerability

Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. A security vulnerability exists in bottle versions 0 through 0.12.19, where an attacker's use of semicolons to separate query parameters results in a different interpretation of requests between th...