PYSEC-2021-89
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
GHSA-RFQ3-W54C-F9Q5 OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Impact: fosite #400, released as v0.30.2, introduced a new feature for handling redirect URLs pointing to loopback interfaces (RFC 8252 section 7.3). As part of that change, new behavior was introduced which failed to respect the redirect URL's query parameters (only for loopback interfaces!). 1. Registering ...
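The check the advisory describes, as an added example that is not fosite's own code: a requested redirect URI is compared against the registered one, and only a loopback redirect may vary its port (RFC 8252 section 7.3); scheme and host compare case-insensitively, while path, query and fragment must match exactly. The function name and the constructed registered/requested URIs are assumptions for illustration.

```javascript
// Added example, not fosite code. Uses the WHATWG URL parser, which already
// normalises the case-insensitive parts (scheme, host) and the default port.

function isLoopback(u) {
  // RFC 8252 section 7.3 loopback redirects: http scheme, 127.0.0.1 or [::1]
  // (the URL API keeps the brackets on IPv6 hostnames).
  return u.protocol === "http:" && (u.hostname === "127.0.0.1" || u.hostname === "[::1]");
}

// Returns true when `requested` may be accepted for the registered URI.
function redirectUriMatches(registered, requested) {
  let reg, req;
  try {
    reg = new URL(registered);
    req = new URL(requested);
  } catch (e) {
    return false; // unparsable URIs never match
  }
  // Scheme and host are case-insensitive; URL already lowercased them.
  if (reg.protocol !== req.protocol || reg.hostname !== req.hostname) return false;
  // Path, query and fragment are case-sensitive and must match exactly:
  // dropping or adding a query parameter, or changing case, is a mismatch.
  if (reg.pathname !== req.pathname || reg.search !== req.search || reg.hash !== req.hash) {
    return false;
  }
  // Only loopback redirect URIs may differ in port.
  if (reg.port !== req.port && !isLoopback(reg)) return false;
  return true;
}

// Constructed sample cases (assumed registered URI for a native app).
function demo() {
  const registered = "http://127.0.0.1/callback?client=app";
  return {
    portOnly:     redirectUriMatches(registered, "http://127.0.0.1:49152/callback?client=app"), // true
    queryDropped: redirectUriMatches(registered, "http://127.0.0.1:49152/callback"),            // false
    pathCase:     redirectUriMatches(registered, "http://127.0.0.1:49152/Callback?client=app"), // false
    extraParam:   redirectUriMatches(registered, "http://127.0.0.1/callback?client=app&x=1"),   // false
    nonLoopback:  redirectUriMatches("https://example.com/cb", "https://example.com:8443/cb"),  // false
  };
}
```

Exact comparison of `search` is deliberately stricter than a parameter-by-parameter comparison: the registered string is what the client owner approved, so reordering or re-encoding is treated as a mismatch rather than reasoned about.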
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-1911)
The remote host is missing an update for the Huawei EulerOS python package. (Advisory text Copyright 2021 Greenbone AG, GPL-2.0-only; some descriptions are excerpted from referenced sources and are Copyright (C) the respective right holders.) ...
CVE-2020-4985
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642...
GHSA-8QPM-5C82-RF96 Prototype Pollution in backbone-query-parameters
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype...
CVE-2021-20085
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype...
CVE-2021-20085
CVE-2021-20085 affects backbone-query-parameters 0.4.0 and describes a prototype pollution flaw: improperly controlled modification of Object.prototype that enables a malicious user to inject properties into Object.prototype. The connected documents consistently reference this vulnerability and i...
backbone-query-parameters security vulnerability
backbone-query-parameters is an application; it is installed by copying ribs.queryparams.js into the environment and including it after ribs.js. A security vulnerability exists in backbone-query-parameters 0.4.0, which stems from an improperly controlled modification of an object prototype property that allows a malicio...
PT-2021-13763 · Unknown · Backbone-Query-Parameters
Name of the Vulnerable Software and Affected Versions: backbone-query-parameters version 0.4.0 Description: The issue is related to improperly controlled modification of object prototype attributes, also known as 'Prototype Pollution'. This allows a malicious user to inject properties into...
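The class of bug the backbone-query-parameters entries above describe, as an added example that is not the library's own code: a minimal nested query-string parser of the kind that turns `?a[b]=1` into `{a: {b: "1"}}`, first in a form that walks into `Object.prototype` when a key segment is `__proto__`, then hardened. The helper names, the `?__proto__[isAdmin]=true` payload and the sample inputs are constructed for illustration.

```javascript
// Added example, not backbone-query-parameters code.

// Split a bracketed key such as "a[b][c]" into ["a", "b", "c"] (constructed helper).
function keyPath(key) {
  const m = key.match(/^([^\[]+)((?:\[[^\]]*\])*)$/);
  if (!m) return [key];
  const path = [m[1]];
  const re = /\[([^\]]*)\]/g;
  let part;
  while ((part = re.exec(m[2])) !== null) path.push(part[1]);
  return path;
}

// Split "?k=v&k2=v2" into decoded [key, value] pairs.
function parsePairs(qs) {
  return qs.replace(/^\?/, "").split("&").filter(Boolean).map((pair) => {
    const i = pair.indexOf("=");
    const k = i < 0 ? pair : pair.slice(0, i);
    const v = i < 0 ? "" : pair.slice(i + 1);
    return [decodeURIComponent(k), decodeURIComponent(v)];
  });
}

// Vulnerable: params["__proto__"] is Object.prototype, so a path of
// ["__proto__", "isAdmin"] writes isAdmin onto every object in the realm.
function parseVulnerable(qs) {
  const params = {};
  for (const [k, v] of parsePairs(qs)) {
    const path = keyPath(k);
    let cur = params;
    for (let i = 0; i < path.length - 1; i++) {
      if (typeof cur[path[i]] !== "object" || cur[path[i]] === null) cur[path[i]] = {};
      cur = cur[path[i]];
    }
    cur[path[path.length - 1]] = v;
  }
  return params;
}

// Hardened: containers have no prototype, only own properties are descended
// into, and the segments that reach a prototype are rejected outright.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

function parseHardened(qs) {
  const params = Object.create(null);
  for (const [k, v] of parsePairs(qs)) {
    const path = keyPath(k);
    if (path.some((seg) => FORBIDDEN.has(seg))) continue; // drop the pair (or throw)
    let cur = params;
    for (let i = 0; i < path.length - 1; i++) {
      if (!Object.prototype.hasOwnProperty.call(cur, path[i]) || typeof cur[path[i]] !== "object") {
        cur[path[i]] = Object.create(null);
      }
      cur = cur[path[i]];
    }
    cur[path[path.length - 1]] = v;
  }
  return params;
}

// Constructed payload: pollutes Object.prototype through the vulnerable parser only.
function demo() {
  const payload = "?__proto__[isAdmin]=true&page=2";
  const before = ({}).isAdmin;            // undefined
  parseVulnerable(payload);
  const afterVulnerable = ({}).isAdmin;   // "true" on a brand-new object
  delete Object.prototype.isAdmin;        // undo the pollution before the hardened run
  const hardened = parseHardened(payload);
  const afterHardened = ({}).isAdmin;     // still undefined
  return { before, afterVulnerable, afterHardened, hardenedPage: hardened.page };
}
```

The `typeof cur[...] === "object"` guard in the vulnerable parser is what makes the inherited `__proto__` accessor look like an existing nested container; the hardened version's `hasOwnProperty` check is the difference between walking into user data and walking into the prototype chain.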
CVE-2021-24237
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius, bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
CVE-2021-31551
An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages...
GitHub authelia input validation error vulnerability
Authelia is an open source project hosted on GitHub: an authentication and authorization server that provides two-factor authentication and single sign-on (SSO) to applications through a web portal. Authelia version 4.27.4 and prior versions contain an input validation error vulnerability...
PT-2021-12083 · Revel · Revel
Name of the Vulnerable Software and Affected Versions: revel versions prior to 1.0.0 Description: The issue is caused by unsanitized input in the query parser, allowing remote attackers to cause resource exhaustion via memory allocation. An attacker can manipulate the request query sent to an...
bottle HTTP Request smuggling
The package bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy running with default...
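The disagreement the bottle entry describes, as an added example that is not bottle's own code: the same query string is parsed once the way a cache or front proxy does (`&` only) and once the way a framework that also accepts `;` as a separator does, so a parameter hidden inside an unkeyed tracking parameter reaches the application without changing the cache key. The parser, the cache-key function, the unkeyed `utm_content` parameter and the request strings are constructed for illustration.

```javascript
// Added example, not bottle code.

// Generic query parser: `separators` is the set of characters that split pairs.
function parseQuery(qs, separators) {
  const out = {};
  const cls = "[" + separators.replace(/[\]\\^-]/g, "\\$&") + "]";
  for (const pair of qs.replace(/^\?/, "").split(new RegExp(cls))) {
    if (!pair) continue;
    const i = pair.indexOf("=");
    const k = decodeURIComponent(i < 0 ? pair : pair.slice(0, i));
    const v = decodeURIComponent(i < 0 ? "" : pair.slice(i + 1));
    (out[k] = out[k] || []).push(v);
  }
  return out;
}

const PROXY_SEPARATORS = "&";   // what a typical cache/proxy uses
const LEGACY_SEPARATORS = "&;"; // the behaviour the advisory attributes to bottle < 0.12.19

// Cache key built from the keyed parameters only (assumption: the cache is
// configured to ignore tracking parameters such as utm_content).
function cacheKey(path, params, unkeyed) {
  const keyed = Object.keys(params).filter((k) => !unkeyed.has(k)).sort();
  return path + "?" + keyed.map((k) => k + "=" + params[k].join(",")).join("&");
}

// Constructed requests: the attacker smuggles callback=evilFn inside the
// unkeyed utm_content value using ";" instead of "&".
function demo() {
  const path = "/api/search";
  const legit = "?q=shoes&utm_content=spring";
  const attack = "?q=shoes&utm_content=spring;callback=evilFn";
  const unkeyed = new Set(["utm_content"]);

  const proxyLegit = parseQuery(legit, PROXY_SEPARATORS);
  const proxyAttack = parseQuery(attack, PROXY_SEPARATORS);
  const appAttack = parseQuery(attack, LEGACY_SEPARATORS);

  return {
    // Same cache key: the poisoned response is served to everyone asking for the legit URL.
    sameCacheKey: cacheKey(path, proxyLegit, unkeyed) === cacheKey(path, proxyAttack, unkeyed),
    // The proxy never sees a callback parameter...
    proxyCallback: proxyAttack.callback,
    // ...but the ";"-splitting application does.
    appCallback: appAttack.callback,
    // Parsing with "&" only (the fixed behaviour) removes the discrepancy.
    fixedCallback: parseQuery(attack, PROXY_SEPARATORS).callback,
  };
}
```

The fix is to parse with the same separator set the upstream cache uses; any component in the chain that splits on a superset of separators reintroduces the cloaking gap.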
OESA-2021-1125 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CVE-2021-28247
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting XSS. The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the...