
873 matches found

OSV (added 2021/02/23 6:15 p.m.)

CVE-2021-20220

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 4.8 | AI score 5.5
Exploits: 0 | References: 2
Prion (added 2021/02/23 6:15 p.m.)

Design/Logic Flaw

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 5.8 | AI score 5.8 | EPSS 0.02712
Exploits: 0 | References: 2 | Affected software: 1
Cvelist (added 2021/02/23 5:21 p.m.)

CVE-2021-20220

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

AI score 6 | EPSS 0.01119
Exploits: 0 | References: 2
CVE (added 2021/02/23 5:21 p.m.)

CVE-2021-20220

CVE-2021-20220 relates to Undertow. A regression in the fix for CVE-2020-10687 enables HTTP request smuggling in Undertow when processing HTTP/1.x and HTTP/2 traffic due to invalid characters in the request line. The vulnerability can allow an attacker to poison a web-cache, perform an XSS attack...

CVSS 5.8 | AI score 5.4 | EPSS 0.01119
Exploits: 0 | References: 2 | Affected software: 1
OpenVAS (added 2021/02/23 12:00 a.m.)

Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.8, 3.9.x < 3.9.2 Web Cache Poisoning Vulnerability - Mac OS X

Python is prone to a web cache poisoning vulnerability. Greenbone AG version check (GPL-2.0-only); CPE = "cpe:/a:python:python"...

CVSS 5.9 | AI score 8 | EPSS 0.37325
Exploits: 1 | References: 1
OpenVAS (added 2021/02/23 12:00 a.m.)

Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.8, 3.9.x < 3.9.2 Web Cache Poisoning Vulnerability - Windows

Python is prone to a web cache poisoning vulnerability. Greenbone AG version check (GPL-2.0-only); CPE = "cpe:/a:python:python"...

CVSS 5.9 | AI score 8 | EPSS 0.37325
Exploits: 1 | References: 1
OpenVAS (added 2021/02/23 12:00 a.m.)

Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.8, 3.9.x < 3.9.2 Web Cache Poisoning Vulnerability - Linux

Python is prone to a web cache poisoning vulnerability. Greenbone AG version check (GPL-2.0-only); CPE = "cpe:/a:python:python"...

CVSS 5.9 | AI score 8 | EPSS 0.37325
Exploits: 1 | References: 1
OpenVAS (added 2021/02/23 12:00 a.m.)

Ubuntu: Security Advisory (USN-4742-1)

The remote host is missing an update announced via the USN-4742-1 advisory. Greenbone AG package check (GPL-2.0-only)...

CVSS 5.9 | AI score 8.1 | EPSS 0.37325
Exploits: 1 | References: 2
Ubuntu (added 2021/02/22 2:08 p.m.)

USN-4742-1: Django vulnerability

It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack...

CVSS 5.9 | AI score 7.5 | EPSS 0.37325
Exploits: 1
OSV (added 2021/02/22 2:08 p.m.)

USN-4742-1 python-django vulnerability

It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack...

CVSS 5.9 | AI score 6.9 | EPSS 0.37325
Exploits: 1 | References: 2
Tenable Nessus (added 2021/02/22 12:00 a.m.)

Fedora 33 : python3.7 (2021-f4fd9372c7)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-f4fd9372c7 advisory. - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python...

CVSS 9.8 | AI score 8.5 | EPSS 0.37325
Exploits: 2 | References: 3
Tenable Nessus (added 2021/02/22 12:00 a.m.)

Fedora 33 : python3.6 (2021-7547ad987f)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-7547ad987f advisory. - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python...

CVSS 9.8 | AI score 8.5 | EPSS 0.37325
Exploits: 2 | References: 3
Tenable Nessus (added 2021/02/22 12:00 a.m.)

openSUSE Security Update : python-bottle (openSUSE-2021-302)

This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking (bsc#1182181). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package checks i...

CVSS 6.8 | AI score 6.4 | EPSS 0.01837
Exploits: 1 | References: 2
Veracode (added 2021/02/20 6:44 a.m.)

Web Cache Poisoning

python-django is vulnerable to web cache poisoning. An attacker may separate query parameters using a semicolon (;), causing a difference in the interpretation of the request between a proxy running with its default configuration and the server, so that malicious requests are cached as complete...

CVSS 5.9 | AI score 2.7 | EPSS 0.37325
Exploits: 1 | References: 58 | Affected software: 14
ArchLinux (added 2021/02/20 12:00 a.m.)

[ASA-202102-28] python-django: url request injection

Arch Linux Security Advisory ASA-202102-28
==========================================
Severity: Medium
Date    : 2021-02-20
CVE-ID  : CVE-2021-23336
Package : python-django
Type    : url request injection
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1593

Summary
=======
The package python-djan...

CVSS 5.9 | AI score 0.7 | EPSS 0.37325
Exploits: 1 | References: 9
OpenVAS (added 2021/02/20 12:00 a.m.)

Debian: Security Advisory (DLA-2569-1)

The remote host is missing an update announced via the Debian DLA-2569-1 advisory. Greenbone AG package check (GPL-2.0-only)...

CVSS 5.9 | AI score 7.1 | EPSS 0.37325
Exploits: 1 | References: 3
Debian (added 2021/02/19 4:24 p.m.)

[SECURITY] [DLA 2569-1] python-django security update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2569-1                [email protected]
https://www.debian.org/lts/security/                          Chris Lamb
February 19, 2021                             https://wiki.debian.org/LTS
-...

CVSS 5.9 | AI score 6.9 | EPSS 0.37325
Exploits: 1
Snyk (added 2021/02/19 1:28 p.m.)

Web Cache Poisoning

Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Web Cache Poisoning. Django contains a copy of urllib.parse.parse_qsl which was added to backport some security fixes. A further...

CVSS 5.9 | AI score 7.7 | EPSS 0.37325
Exploits: 1 | References: 2
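
The Veracode and Snyk entries above (and the Ubuntu USN-4742-1 text) describe the same mechanism: the edge cache splits the query string on '&' only, while the backend's copy of parse_qsl also splits on ';', so the two disagree about which parameters a request carries. The following is an added example, not code from Django, the Python project or any of the listed advisories. It emulates the pre-fix parser next to the stdlib parse_qsl of a fixed interpreter (assumed to be Python 3.9.2 or later, where '&' is the only default separator), and the UNKEYED list, cache-key logic and sample queries are constructed for the example.

```python
"""Parameter cloaking, the mechanism behind CVE-2021-23336 (Python/Django) and
CVE-2020-28473 (bottle): a front-end cache splits the query string on '&'
only, while the backend's parser also splits on ';'. The two disagree about
which parameters the request carries, so the response the backend produced
for the attacker's hidden parameter is stored under a key ordinary users hit.
The UNKEYED list, cache-key logic and sample queries are constructed for this
example; they are not Django's or the stdlib's code."""
import re
from urllib.parse import parse_qsl  # stdlib; in fixed releases it splits on '&' only

# Query parameters a typical CDN strips from the cache key (constructed list).
UNKEYED = frozenset({"utm_content", "utm_source"})


def legacy_parse_qsl(qs):
    """Emulates the pre-fix stdlib behaviour: '&' and ';' both separate pairs."""
    pairs = []
    for part in re.split(r"[&;]", qs):
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name, value))
    return pairs


def fixed_parse_qsl(qs):
    """The patched parser: only '&' separates pairs, so ';' stays in the value."""
    return parse_qsl(qs)


def keyed_names(query, unkeyed=UNKEYED):
    """Parameter names the edge keeps in its cache key ('&'-split, unkeyed dropped)."""
    return {p.partition("=")[0] for p in query.split("&") if p} - set(unkeyed)


def proxy_cache_key(path, query, unkeyed=UNKEYED):
    """Cache key as the edge builds it: path plus the '&'-separated keyed params."""
    kept = [p for p in query.split("&") if p and p.partition("=")[0] not in unkeyed]
    return path + ("?" + "&".join(kept) if kept else "")


def backend_params(query, parser):
    """Parameters as the application sees them, given its query parser."""
    return dict(parser(query))


def cloaked(query, parser, unkeyed=UNKEYED):
    """Names the backend acts on that are absent from the cache key and are not
    merely unkeyed. Non-empty means the cached response depends on input the
    edge never keyed on: the poisoning condition."""
    return set(backend_params(query, parser)) - keyed_names(query, unkeyed) - set(unkeyed)


def demo():
    """Attacker hides 'callback' inside the value of an unkeyed parameter."""
    path, query = "/jsonp", "utm_content=1;callback=alert(1)"  # constructed request
    return {
        "cache_key": proxy_cache_key(path, query),           # '/jsonp': callback invisible to the edge
        "legacy_backend": backend_params(query, legacy_parse_qsl),
        "fixed_backend": backend_params(query, fixed_parse_qsl),
        "cloaked_legacy": cloaked(query, legacy_parse_qsl),  # {'callback'}
        "cloaked_fixed": cloaked(query, fixed_parse_qsl),    # set()
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check that matters operationally is `cloaked(...)`: run it over the query strings your edge actually keys on, with the parser your backend actually uses, and any non-empty result is a parameter an attacker can smuggle past the cache key. Pinning the backend to a fixed interpreter (or passing `separator='&'` explicitly) and making the edge split with the same rule removes the differential.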
NVD (added 2021/02/16 4:15 p.m.)

CVE-2020-29022

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...

CVSS 5.3 | EPSS 0.00803
Exploits: 0 | References: 1
Prion (added 2021/02/16 4:15 p.m.)

Design/Logic Flaw

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...

CVSS 5 | AI score 5.2 | EPSS 0.00803
Exploits: 0 | References: 1 | Affected software: 1
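
The two GateManager entries above describe the other common cache-poisoning shape: the Host header is written into the response unvalidated, and a cache keyed on the path alone then serves the attacker's host to everyone. The following is an added example of that pattern with its hardened counterpart; it is not Secomea's code and says nothing about how GateManager is implemented. The hostnames, the allow-list and the PathKeyedCache class are constructed for the example.

```python
"""Host header reflection behind a path-keyed cache (the pattern behind
CVE-2020-29022): the application copies the request's Host header into
absolute URLs in the page, while the cache keys on the path only. One request
carrying an attacker-controlled Host poisons the entry every later visitor of
that path receives. The hostnames, allow-list and PathKeyedCache below are
constructed for this example and are not GateManager's code."""
import re
from html import escape

# RFC 1123-style hostname with optional port; anything else is rejected outright.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$")

ALLOWED = frozenset({"gm.example.com"})  # constructed allow-list


class BadHost(ValueError):
    """Raised when the Host header is malformed or not on the allow-list."""


def render_unsafe(headers, path="/"):
    """Vulnerable form: whatever arrived in Host is written into the page."""
    host = headers.get("host", "")
    return f'<script src="https://{host}/static/app.js"></script>'


def canonical_host(headers, allowed_hosts):
    """Hardened form: validate syntax, then require an allow-listed host.
    Rejecting here means nothing derived from a bad Host is rendered or cached."""
    host = headers.get("host", "").lower()
    if not HOSTNAME_RE.match(host) or host not in allowed_hosts:
        raise BadHost(host)
    return host


def render_safe(headers, allowed_hosts, path="/"):
    """Same page, built only from a validated and HTML-escaped host."""
    host = canonical_host(headers, allowed_hosts)
    return f'<script src="https://{escape(host)}/static/app.js"></script>'


class PathKeyedCache:
    """Constructed edge cache that ignores Host when keying, as a misconfigured
    front end does: the first response for a path is served to everyone."""

    def __init__(self, render):
        self.render = render
        self.store = {}

    def get(self, headers, path="/"):
        if path not in self.store:
            self.store[path] = self.render(headers, path)  # a rejected request stores nothing
        return self.store[path]


def demo():
    attacker = {"host": "evil.example"}   # constructed attacker request
    victim = {"host": "gm.example.com"}   # constructed ordinary request

    unsafe = PathKeyedCache(render_unsafe)
    unsafe.get(attacker)                  # attacker primes the cache
    poisoned = unsafe.get(victim)         # victim receives the attacker's host

    safe = PathKeyedCache(lambda h, p: render_safe(h, ALLOWED, p))
    try:
        safe.get(attacker)
        rejected = False
    except BadHost:
        rejected = True
    clean = safe.get(victim)

    return {
        "poisoned": "evil.example" in poisoned,  # True
        "rejected": rejected,                    # True
        "clean": "gm.example.com" in clean,      # True
    }


if __name__ == "__main__":
    print(demo())
```

Validation before rendering is the part that matters: escaping alone would still let `evil.example` into the cached page, because it is a perfectly well-formed hostname. Adding Host to the cache key closes the hole from the other side, but the allow-list is what stops the application trusting a header the client controls.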