1332 matches found

CNNVD
added 2024/10/15 12:00 a.m., 0 views

Vue security vulnerability

Vue is an HTML, CSS, and JS framework open-sourced by Vue. It is used to develop web applications with fine-grained reactivity. A security vulnerability exists in Vue versions 2.0.0 through 3.0.0, which stems from a potential regular expression denial of service vulnerability caused by an incorre...

CVSS 3.7, AI score 5.9, EPSS 0.00507
Exploits: 0, References: 3
NVD
added 2024/10/14 7:15 p.m., 15 views

CVE-2024-47885

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have stored attacker-controlled scriptless HTML elements, i.e., iframe tag...

CVSS 5.9, EPSS 0.00408
Exploits: 0, References: 3
CVE
added 2024/10/14 7:06 p.m., 64 views

CVE-2024-47885

The CVE-2024-47885 entry relates to a DOM Clobbering gadget in Astro's client-side router. Affected are Astro versions 3.0.0 through 4.16.0/4.16.1 pre-patch, where stored attacker-controlled scriptless HTML elements (e.g., iframe with unsanitized name attributes) on pages using ViewTransitions ca...

CVSS 5.9, AI score 5.4, EPSS 0.00408
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2024/10/14 7:06 p.m., 14 views

CVE-2024-47885 astro's client-side router has DOM Clobbering Gadget that leads to XSS

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have stored attacker-controlled scriptless HTML elements, i.e., iframe tag...

CVSS 5.9, AI score 5.5, EPSS 0.00408
Exploits: 0, References: 3
RedHat Linux
added 2024/09/27 4:34 a.m., 0 views

djangorestframework: Cross-site Scripting (XSS) via break_long_headers

A vulnerability was found in the djangorestframework package. Cross-site scripting occurs via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags...

CVSS 6.1, AI score 5.7, EPSS 0.01133
Exploits: 0, References: 4
BDU FSTEC
added 2024/09/23 12:00 a.m., 2 views

The vulnerability of the Twisted web framework, related to the lack of protective measures for website structures, allows attackers to access confidential data and compromise its integrity.

The vulnerability of the Twisted web framework is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to gain access to confidential data and compromise its integrity...

CVSS 5.5, AI score 6.2, EPSS 0.01156
Exploits: 1, References: 12, Affected Software: 5
RedHat Linux
added 2024/09/19 4:46 p.m., 3 views

apache: cxf: org.apache.cxf:cxf-rt-rs-security-jose: Denial of Service vulnerability in JOSE

An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...

CVSS 7.5, AI score 5.7, EPSS 0.01269
Exploits: 0, References: 6
BDU FSTEC
added 2024/09/16 12:00 a.m., 3 views

The vulnerability of the django.utils.html.urlize() function in the Django web application framework allows an attacker to trigger a denial-of-service attack.

The vulnerability of the django.utils.html.urlize function in the Django web application framework is related to inconsistencies in the parameters related to input data length. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

CVSS 7.8, AI score 6.6, EPSS 0.01258
Exploits: 0, References: 8, Affected Software: 2
OSV
added 2024/09/15 6:34 p.m., 25 views

RHSA-2011:0175 Red Hat Security Advisory: JBoss Web Framework Kit 1.0.0 removal

Bulletin has no description...

CVSS 6, AI score 9.4, EPSS 0.52003
Exploits: 11, References: 9
Fedora
added 2024/09/13 9:02 p.m., 16 views

[SECURITY] Fedora 41 Update: python-django-4.2.16-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 7.3, EPSS 0.25327
Exploits: 0
Fedora
added 2024/09/13 9:02 p.m., 25 views

[SECURITY] Fedora 41 Update: python-django4.2-4.2.16-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 7.3, EPSS 0.25327
Exploits: 0
RedhatCVE
added 2024/09/10 4:13 p.m., 20 views

CVE-2024-43796

A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect, even if the input is sanitized. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

CVSS 5, AI score 5.5, EPSS 0.00458
Exploits: 0, References: 5
NVD
added 2024/09/10 3:15 p.m., 30 views

CVE-2024-43796

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS 5, EPSS 0.00458
Exploits: 0, References: 2
Debian CVE
added 2024/09/10 2:36 p.m., 14 views

CVE-2024-43796

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS 5, AI score 6.5, EPSS 0.00458
Exploits: 0
CVE
added 2024/09/10 2:36 p.m., 317 views

CVE-2024-43796

CVE-2024-43796: Express.js (Node) vulnerable in versions prior to 4.20.0 where untrusted input passed to response.redirect() can lead to execution of untrusted code. This is mitigated by upgrading to Express.js 4.20.0 or newer; the issue is categorized under a cross-site scripting concern in the...

CVSS 5, AI score 5.8, EPSS 0.00458
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2024/09/10 2:36 p.m., 13 views

CVE-2024-43796 express vulnerable to XSS via response.redirect()

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS 5, AI score 6.9, EPSS 0.00458
Exploits: 0, References: 4
Fedora
added 2024/09/06 4:05 a.m., 22 views

[SECURITY] Fedora 40 Update: python-django-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0
Fedora
added 2024/09/06 4:05 a.m., 17 views

[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0
Fedora
added 2024/09/06 3:53 a.m., 23 views

[SECURITY] Fedora 39 Update: python-django4.2-4.2.16-1.fc39

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0
Tenable Nessus
added 2024/09/05 12:00 a.m., 13 views

Debian dla-3877 : ruby-rack-protection - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3877 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3877-1 [email protected]...

CVSS 8.8, AI score 6.9, EPSS 0.0193
Exploits: 1, References: 6