4 matches found
Cocoon 安全漏洞
Cocoon is a simple and reliable security repository from the personal developer Alexander Fadeev. A security vulnerability exists in Cocoon versions prior to 0.4.0 that stems from the easy reuse of Nonce key pairs in encryption, which allows an attacker to generate the same ciphertext by creating...
PT-2023-32941 · Cocoon · Cocoon
Name of the Vulnerable Software and Affected Versions: cocoon versions prior to 0.4.0 Description: The issue is related to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new...
PT-2023-18514 · Unknown · Svg-Sanitizer
Name of the Vulnerable Software and Affected Versions: sanitize-svg versions prior to 0.4.0 Description: The sanitize-svg package uses a deny-list-pattern to sanitize SVGs and prevent cross-site scripting attacks. However, literal -tags and on-event handlers were detected in versions prior to...
PT-2022-23139 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: Rizin versions 0.4.0 and prior Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. The issue arises from an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file coul...