1332 matches found
CVE-2024-22199 Django Template Engine Vulnerable to XSS
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2024-22199
The CVE-2024-22199 entry concerns Cross-site Scripting (XSS) in the GoFiber Django template engine (github.com/gofiber/template/django/v3) used with Fiber. Root cause is improper handling of user-supplied data via the Views interface, enabling XSS unless autoescaping is enforced. A patch has been...
CVE-2024-21631 Integer overflow in URI leading to potential host spoofing
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
CVE-2024-21631
CVE-2024-21631: Vapor’s vapor_urlparser_parse uses 16-bit indices when parsing URI components, which may overflow for untrusted inputs and enable host spoofing in affected apps that use Vapor’s URI type. This affects versions prior to 4.90.0; 4.90.0 contains a patch. Workarounds include validati...
Spring Boot web application framework: improper resource cleanup or release allows attackers to trigger a service failure.
The vulnerability in the Spring Boot web application framework lies in improper cleanup or release of resources. By exploiting it, an attacker can trigger a service failure (denial of service) with a specially crafted HTTP request...
CVE-2023-50710
Summary: CVE-2023-50710 affects the Hono web framework (TypeScript). Before v3.11.7, when using TrieRouter, a client could override named path parameters from a previous request, potentially causing a privileged user to use unintended parameters when deleting REST API resources. The issue is miti...
CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...
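The failure mode the advisory describes, parameter values surviving from one request into the next, is easiest to see with a router whose params object is shared rather than allocated per match. The block below is an added example, not Hono's router or any code from the Hono project: a deliberately simplified trie router (hypothetical `ToyTrieRouter`, constructed routes `/users/:id`, `/teams/:teamId`, `/status`) run once with one shared params object and once with a fresh object per match. Hono's actual implementation differs in detail; only the class of bug is modelled.

```javascript
'use strict';

// Split "/users/42/" into ["users", "42"].
function splitPath(path) {
  return path.split('/').filter((seg) => seg.length > 0);
}

function newNode(paramName) {
  return { paramName, children: new Map(), paramChild: null, handler: null };
}

// Minimal trie router (hypothetical, not Hono's). `sharedParams: true` models the
// failure mode: one params object lives on the router and every match writes
// into it, so a value bound by an earlier request survives into later ones.
// `sharedParams: false` allocates a fresh object per match.
class ToyTrieRouter {
  constructor({ sharedParams }) {
    this.root = newNode(null);
    this.sharedParams = sharedParams;
    this.params = {}; // only written to when sharedParams is true
  }

  add(path, handler) {
    let node = this.root;
    for (const seg of splitPath(path)) {
      if (seg.startsWith(':')) {
        if (!node.paramChild) node.paramChild = newNode(seg.slice(1));
        node = node.paramChild;
      } else {
        if (!node.children.has(seg)) node.children.set(seg, newNode(null));
        node = node.children.get(seg);
      }
    }
    node.handler = handler;
  }

  // Returns { handler, params } or null. A static segment beats a param.
  match(path) {
    const params = this.sharedParams ? this.params : {};
    let node = this.root;
    for (const seg of splitPath(path)) {
      if (node.children.has(seg)) {
        node = node.children.get(seg);
      } else if (node.paramChild) {
        node = node.paramChild;
        params[node.paramName] = seg;
      } else {
        return null;
      }
    }
    return node.handler ? { handler: node.handler, params } : null;
  }
}

// Constructed route table; handler names are placeholders.
function buildRouter(sharedParams) {
  const r = new ToyTrieRouter({ sharedParams });
  r.add('/users/:id', 'deleteUser');
  r.add('/teams/:teamId', 'deleteTeam');
  r.add('/status', 'status');
  return r;
}

// Constructed request sequence: one client binds id=42, then later requests
// hit routes that never bind `id`. Each snapshot is copied immediately so the
// shared-object variant shows what a handler would have seen at that moment.
function runSequence(sharedParams) {
  const r = buildRouter(sharedParams);
  const first = { ...r.match('/users/42').params };
  const status = { ...r.match('/status').params };
  const team = { ...r.match('/teams/7').params };
  return { first, status, team };
}
```

With the shared object, the `/status` match reports `{ id: '42' }` and `/teams/7` reports `{ id: '42', teamId: '7' }`: a handler that reads `params.id` on a route that never bound it silently consumes another client's value, which is exactly how a privileged user ends up deleting an unintended resource. With a fresh object per match those two requests see `{}` and `{ teamId: '7' }`.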
CVE-2023-49803
The CVE concerns the @koa/cors middleware for koa (Node.js). Before version 5.0.0, if an allowed origin is not provided, the middleware returns Access-Control-Allow-Origin with the request’s origin, effectively bypassing the browser’s Same-Origin Policy and exposing cross-origin data as described...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
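Why reflecting the request's Origin is dangerous, and what the corrected configuration looks like, is shown below in an added example that is not @koa/cors code and does not depend on koa: two small functions (hypothetical `permissiveCorsHeaders` and `allowListCorsHeaders`) model the header decision the advisory describes, and `crossOriginReadable` applies the browser's rules for whether a page on a given origin may read the response. Request objects and origins are constructed for the example.

```javascript
'use strict';

// Constructed request object standing in for Koa's ctx.request.
function makeRequest(origin, method = 'GET') {
  return { method, headers: origin === undefined ? {} : { origin } };
}

// Pre-5.0.0 behaviour as described: no allowed origin configured, so the
// response carries whatever Origin the request sent. With credentials enabled
// this hands every origin a readable, cookie-authenticated response.
function permissiveCorsHeaders(req, { credentials = false } = {}) {
  const origin = req.headers.origin;
  if (!origin) return {};
  const headers = { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' };
  if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Hardened form: echo the Origin only when it is on an explicit allow-list;
// otherwise emit no CORS headers at all, so the browser blocks the read.
function allowListCorsHeaders(req, allowList, { credentials = false } = {}) {
  const origin = req.headers.origin;
  if (!origin || !allowList.has(origin)) return {};
  const headers = { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' };
  if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Browser-side rule: a page on `origin` may read the response when ACAO equals
// that origin (or is "*" for a non-credentialed request) and, for credentialed
// requests, ACAC is exactly "true".
function crossOriginReadable(origin, headers, credentialed) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (!acao) return false;
  if (acao === '*') return !credentialed;
  if (acao !== origin) return false;
  return !credentialed || headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed scenario: an attacker-controlled page issues a credentialed
// request (cookies attached) against an API that only intends to serve app.example.
function demo() {
  const attacker = 'https://attacker.example';
  const legit = 'https://app.example';
  const allow = new Set([legit]);
  const opts = { credentials: true };
  return {
    permissive: crossOriginReadable(attacker, permissiveCorsHeaders(makeRequest(attacker), opts), true),
    allowListed: crossOriginReadable(attacker, allowListCorsHeaders(makeRequest(attacker), allow, opts), true),
    legit: crossOriginReadable(legit, allowListCorsHeaders(makeRequest(legit), allow, opts), true),
  };
}
```

`demo()` returns `permissive: true` (the attacker's page reads the authenticated response), `allowListed: false`, and `legit: true`. The `Vary: Origin` header is kept in both variants so a cache never serves one origin's ACAO value to another.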
Ajax.NET Professional Cross-Site Scripting Vulnerability
Ajax.NET Professional was one of the first AJAX frameworks available for Microsoft ASP.NET. Versions of Ajax.NET Professional prior to 21.12.22.1 are vulnerable to cross-site scripting attacks...
CVE-2023-47130
The CVE-2023-47130 entry concerns yiisoft/yii (PHP framework). Affected: yiisoft/yii
ALSA-2023:6523 Moderate: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of a scalable, non-blocking web server and tools. Security Fixes: python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations (CVE-2023-28370). For more details...
Fedora: Security Advisory (FEDORA-2023-a67af7d8f4)
The remote host is missing an update. (Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-FileCopyrightText: 2023 Greenbone AG. SPDX-License-Identifier: GPL-2.0-only.)...
[SECURITY] Fedora 39 Update: python-django-4.2.6-1.fc39
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...