1332 matches found

Tenable Nessus
added 2024/04/23 12:0 a.m. | 139 views

Django Debug Mode Enabled

Django is a free and open-source Python web application framework that offers a debug mode, which gives developers additional information to help troubleshoot their applications, including stack traces on error pages that expose variables defined in the Django settings. A remote...

7.1 AI score
Exploits: 0 | References: 1
Fedora
added 2024/04/20 2:14 a.m. | 35 views

[SECURITY] Fedora 38 Update: python-django3-3.2.25-2.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS | 7.6 AI score | 0.02669 EPSS
Exploits: 0
Fedora
added 2024/04/13 3:41 a.m. | 31 views

[SECURITY] Fedora 40 Update: python-django-4.2.11-2.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

7.5 CVSS | 7.3 AI score | 0.01854 EPSS
Exploits: 0
NVD
added 2024/03/29 4:15 p.m. | 11 views

CVE-2024-29904

CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

7.5 CVSS | 7.5 AI score | 0.00773 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/03/29 3:32 p.m. | 28 views

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

7.5 CVSS | 7.7 AI score | 0.00773 EPSS
Exploits: 0 | References: 2
CVE
added 2024/03/29 3:32 p.m. | 67 views

CVE-2024-29904

CVE-2024-29904 affects CodeIgniter4, specifically the Language class. The DoS vulnerability arises from how messages are formatted in the language component, allowing memory exhaustion on the server when processing inputs. The issue is documented across multiple sources (NVD/Red Hat/Veracode and ...

7.5 CVSS | 7.4 AI score | 0.00773 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/03/29 3:32 p.m. | 27 views

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later...

7.5 CVSS | 7.3 AI score | 0.00773 EPSS
Exploits: 0 | References: 4
CVE
added 2024/03/25 8:20 p.m. | 428 views

CVE-2024-29041

CVE-2024-29041 – Open Redirect in Express.js. Express.js versions prior to 4.19.0 and all pre-release 5.0 alpha/beta are affected by an open redirect via user-provided redirect URLs. The flaw stems from encodeurl usage in res.location()/res.redirect(), allowing bypass of allowlists in redirectio...

6.1 CVSS | 6.2 AI score | 0.00786 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OpenVAS
added 2024/03/25 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2024-2e802cdb4b)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 5
CNNVD
added 2024/03/24 12:0 a.m. | 4 views

Mojolicious Security Vulnerability

Mojolicious is a Perl-based real-time web framework. A security vulnerability exists in Mojolicious versions prior to 7.66, which stems from a possible cookie leak in the Mojo module...

5.3 CVSS | 6.3 AI score | 0.00557 EPSS
Exploits: 0 | References: 5
CNNVD
added 2024/03/18 12:0 a.m. | 3 views

Kossy Security Breach

Kossy is a web application framework developed by Masahiro Nagano, an individual developer in Japan. A security vulnerability exists in Kossy module version 0.60, which stems from mishandling of X-Requested-With, allowing an attacker to perform JSON hijacking...

9.8 CVSS | 6.8 AI score | 0.00413 EPSS
Exploits: 0 | References: 3
CNNVD
added 2024/03/15 12:0 a.m. | 2 views

Symfony Security Vulnerabilities

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony. An attacker can exploit this vulnerability to remotely execute PHP commands...

9 CVSS | 7 AI score | 0.01485 EPSS
Exploits: 1 | References: 3
Fedora
added 2024/03/14 1:39 a.m. | 19 views

[SECURITY] Fedora 38 Update: python-fastapi-0.99.0-7.fc38

FastAPI is a modern, fast (high-performance) web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the fastest Python...

7.4 AI score
Exploits: 0
NVD
added 2024/03/06 7:15 p.m. | 8 views

CVE-2024-27302

go-zero is a web and rpc framework. Go-zero allows users to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

9.1 CVSS | 9.1 AI score | 0.00774 EPSS
Exploits: 2 | References: 2
Prion
added 2024/03/06 7:15 p.m. | 17 views

Design/Logic Flaw

go-zero is a web and rpc framework. Go-zero allows users to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

6.4 CVSS | 9 AI score | 0.00774 EPSS
Exploits: 2 | References: 2
Cvelist
added 2024/03/06 6:31 p.m. | 12 views

CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero

go-zero is a web and rpc framework. Go-zero allows users to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

9.1 CVSS | 9.3 AI score | 0.00774 EPSS
Exploits: 2 | References: 2
CVE
added 2024/03/06 6:31 p.m. | 71 views

CVE-2024-27302

Go-zero (web/RPC framework) contains a CORS Filter vulnerability where isOriginAllowed uses strings.HasSuffix, enabling bypass by a malicious domain. This can break the CORS policy and allow a page to make requests or retrieve data on behalf of other users. The issue affects the configurable allo...

9.1 CVSS | 9 AI score | 0.00774 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
OSV
added 2024/03/06 10:54 a.m. | 20 views

BIT-CODEIGNITER-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in CodeIgniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

6.1 CVSS | 5.6 AI score | 0.01002 EPSS
Exploits: 0 | References: 3
OSV
added 2024/03/06 10:54 a.m. | 28 views

BIT-CODEIGNITER-2022-23556

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

7.5 CVSS | 7 AI score | 0.00373 EPSS
Exploits: 1 | References: 2
OSV
added 2024/03/06 10:53 a.m. | 23 views

BIT-CODEIGNITER-2022-24712

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery (CSRF) protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...

8.8 CVSS | 7.7 AI score | 0.00543 EPSS
Exploits: 0 | References: 2