398 matches found

NVD
added 2022/08/18 7:15 p.m., 15 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

CVSS 7.5, EPSS 0.01102
Exploits 1, References 4
OSV
added 2022/08/18 7:15 p.m., 12 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

CVSS 5.4, AI score 5.5
Exploits 0, References 4
UbuntuCve
added 2022/08/18 7:15 p.m., 54 views

CVE-2021-32862

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

CVSS 7.5, AI score 6.7, EPSS 0.01102
Exploits 1, References 3
Prion
added 2022/08/18 7:15 p.m., 17 views

Cross site scripting

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

CVSS 4.9, AI score 5.3, EPSS 0.01102
Exploits 1, References 3, Affected Software 2
OSV
added 2022/08/18 7:15 p.m., 21 views

PYSEC-2022-249

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

CVSS 7.5, AI score 1.3, EPSS 0.01102
Exploits 1, References 2
CVE
added 2022/08/18 12:00 a.m., 337 views

CVE-2021-32862

CVE-2021-32862 is a cross-site scripting (XSS) vulnerability in nbconvert when generating HTML from user-controlled notebooks. The GitHub Security Lab disclosed sixteen routes to inject arbitrary HTML into HTML exports (e.g., nbviewer). Connected advisories confirm nbconvert is affected and provi...

CVSS 7.5, AI score 6.2, EPSS 0.01102
Exploits 1, References 4, Affected Software 1
OSV
added 2022/08/10 5:51 p.m., 7 views

GHSA-9JMQ-RX5F-8JWQ nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths

Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches. Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...

CVSS 5.4, AI score 6.2, EPSS 0.01102
Exploits 1, References 6
Hacker One
added 2022/07/26 1:31 p.m., 32 views

ownCloud: GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059)

Vulnerability description not provided...

AI score 7.1
Exploits 0
Github Security Blog
added 2022/07/21 9:38 p.m., 54 views

Grails framework Remote Code Execution via Data Binding

Impact: A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. Patches: Grails framewor...

CVSS 9.8, AI score 9.3, EPSS 0.01712
Exploits 0, References 6, Affected Software 1
Hacker One
added 2022/06/17 8:51 a.m., 72 views

Hyperledger: Remote denial of service in HyperLedger Fabric

This issue was caused by a missing check of nil. An orderer to orderer consensus message that contains an empty inner message crashes the node because it attempts to figure out its type and the mere action of determining the type of a nil pointer, causes a panic. Thank you to Haosheng Wang of OPP...

CVSS 5, AI score 1.1, EPSS 0.01612
Exploits 0
Hacker One
added 2022/06/15 2:54 p.m., 17 views

GitHub Security Lab: PYTHON: CWE-079 - Add query for email injection

This bug was reported directly to GitHub Security Lab...

AI score 1.2
Exploits 0
Hacker One
added 2022/06/15 2:54 p.m., 10 views

GitHub Security Lab: CPP: Pam Authorization Bypass

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2022/06/10 8:16 p.m., 27 views

GitHub Security Lab: Golang : Add Query To Detect PAM Authorization Bugs

This bug was reported directly to GitHub Security Lab...

AI score 1.2
Exploits 0
Hacker One
added 2022/06/08 2:53 p.m., 38 views

GitHub Security Lab: Golang : Hardcoded secret used for signing JWT

This bug was reported directly to GitHub Security Lab...

AI score 0.3
Exploits 0
Hacker One
added 2022/05/31 7:32 a.m., 12 views

GitHub Security Lab: Python : Add query to detect PAM authorization bypass

Vulnerability description not provided...

AI score 7.1
Exploits 0
Hacker One
added 2022/05/27 6:56 a.m., 28 views

GitHub Security Lab: CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory

This bug was reported directly to GitHub Security Lab...

AI score 1.3
Exploits 0
OSV
added 2022/05/23 11:15 p.m., 47 views

GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type

Summary: Nokogiri = 1.13.6. JRuby users are not affected. Workarounds: To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling to_s or equivalent. Credit: This vulnerability was responsibly reported by @agustingianni and the Github Security Lab...

CVSS 8.2, AI score 7.9, EPSS 0.02886
Exploits 1, References 11
Github Security Blog
added 2022/05/23 11:15 p.m., 32 views

Nokogiri Improperly Handles Unexpected Data Type

Summary: Nokogiri = 1.13.6. JRuby users are not affected. Workarounds: To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling to_s or equivalent. Credit: This vulnerability was responsibly reported by @agustingianni and the Github Security Lab...

CVSS 8.2, AI score 7.9, EPSS 0.02886
Exploits 1, References 11, Affected Software 1
Hacker One
added 2022/05/23 8:44 p.m., 40 views

GitHub Security Lab: [Java]: Flow sources and steps for JMS and RabbitMQ

This bug was reported directly to GitHub Security Lab...

AI score 2
Exploits 0
Hacker One
added 2022/05/17 12:09 a.m., 69 views

GitHub Security Lab: [python]: Zip Slip Vulnerability

This bug was reported directly to GitHub Security Lab...

AI score 1.2
Exploits 0