1332 matches found
Apache Struts Security Vulnerability
Apache Struts is an open source project of the Apache Foundation (United States): an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2. Apache Struts has a file upload...
CVE-2024-53907
A vulnerability was found in the Django Web Framework. The striptags and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities. Mitigation: Mitigation for this issue is either not available or the currently...
CVE-2024-53908
A vulnerability was found in the Django Web Framework. The direct usage of django.db.models.fields.json.HasKey may be vulnerable to SQL injection if untrusted data is used to perform queries...
Important: Red Hat Security Advisory: python-tornado security update
An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
ALSA-2024:10590 Important: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability (CVE-2024-52804). For more details about the security issues,...
Number Withdrawn
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. This CVE number has been withdrawn...
Malicious code in web-framework-addons (npm)
Source: ghsa-malware (5274032fc0a53368c86dc7ddfbf044a3eaf831203e6b9f1df908fa32ba29050c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11017 Malicious code in web-framework-addons (npm)
Source: ghsa-malware (5274032fc0a53368c86dc7ddfbf044a3eaf831203e6b9f1df908fa32ba29050c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
CVE-2024-52804 Tornado has HTTP cookie parsing DoS vulnerability
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
CVE-2024-52804
The CVE-2024-52804 issue affects Tornado prior to 6.4.2, where the HTTP cookie parsing algorithm can exhibit quadratic complexity, causing high CPU usage in the event loop and potential DoS. The documented fix is upgrading to Tornado 6.4.2. Connected advisories also reference mitigation in packag...
CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
Sinatra Security Vulnerability
Sinatra is an open source DSL for quickly creating web applications in Ruby with minimal effort. A security vulnerability exists in Sinatra. An attacker exploiting this vulnerability can trigger an open redirection attack by inserting an arbitrary address in the header...
[SECURITY] Fedora 41 Update: python-fastapi-0.115.2-1.fc41
FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python frameworks available...
[SECURITY] Fedora 40 Update: python-fastapi-0.111.1-7.fc40
FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python frameworks available...
JetBrains Ktor Information Disclosure Vulnerability
JetBrains Ktor is a lightweight, asynchronous Kotlin web framework developed by JetBrains. JetBrains Ktor suffers from an information disclosure vulnerability that stems from improper caching in the HttpCache plugin, which can be exploited by an attacker to cause the disclosure of response...
CVE-2024-48913
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without a Content-Type header. Although the CSRF middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe. Th...
CVE-2024-48913 Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without a Content-Type header. Although the CSRF middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe. Th...
CVE-2024-48913 Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without a Content-Type header. Although the CSRF middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe. Th...
CVE-2024-48913
Hono (web framework) before version 4.6.5 is vulnerable to CSRF protection bypass: the csrf middleware treats a request without a Content-Type header as safe, allowing an attacker to bypass CSRF protection. Impact applies to user actions guarded by CSRF middleware, with reported CVSS 5.9 (Me...