GHSA-QM57-VHQ3-3FWF Header injection possible in Django
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
PYSEC-2021-8
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
UBUNTU-CVE-2021-32052
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...
Django cross-site scripting vulnerability
Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. A cross-site scripting vulnerability exists in Django, which stems from the fact that on Python...
PT-2021-19642 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.22; Django versions 3.1 before 3.1.10; Django versions 3.2 before 3.2.2. Description: The issue arises from the URLValidator in Django not prohibiting newlines and tabs, unless the URLField form field is used. This...
Malicious Package
Overview: activemodel-url-validator is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
GHSA-RV95-4WXJ-6FQQ Pylons Colander Denial of Service vulnerability
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
Pylons Colander Denial of Service vulnerability
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
Denial Of Service (DoS)
colander is vulnerable to denial of service (DoS) attacks. The vulnerability exists because it is possible to cause an infinite loop when handling an unclosed parenthesis when using the URL validator...
Code injection
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
CVE-2017-18361
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
PYSEC-2019-167
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
UBUNTU-CVE-2017-18361
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...
CVE-2017-18361
CVE-2017-18361 affects Pylons Colander up to version 1.6, where the URL validator can enter an infinite loop due to an unclosed parenthesis, causing a denial of service. The connected documents do not provide a remediation/patch version; monitor for updates from project maintainers.
CVE-2017-18361
Removed by vendor...
GHSA-X5X7-3V85-WPC4 Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. NOTE: this...