1332 matches found

NVD
added 2023/10/31 4:15 p.m., 17 views

CVE-2023-46240

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 7.5, AI score 7.4, EPSS 0.00621
Exploits: 0, References: 3

Prion
added 2023/10/31 4:15 p.m., 15 views

Code injection

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 5, AI score 7.4, EPSS 0.00621
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2023/10/31 3:3 p.m., 91 views

CVE-2023-46240

Summary: CVE-2023-46240 affects CodeIgniter 4 prior to 4.4.3. When an error or exception occurs, a detailed error report can be displayed in production, potentially leaking confidential information. Impact: information disclosure due to verbose error reporting in production. Affected component: C...

CVSS 7.5, AI score 7.3, EPSS 0.00621
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2023/10/31 3:3 p.m., 40 views

CVE-2023-46240 CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 7.5, AI score 7.3, EPSS 0.00621
Exploits: 0, References: 5

SUSE CVE
added 2023/10/31 2:31 a.m., 2 views

SUSE CVE-2020-0603

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'...

CVSS 8.8, AI score 8.5, EPSS 0.19982
Exploits: 0, References: 2

BDU FSTEC
added 2023/10/31 12:0 a.m., 4 views

The vulnerability of the Django web application framework, related to the inefficient complexity of regular expressions, allows attackers to trigger a service failure.

The vulnerability of the Django web application framework relates to regular expressions for text trimming, which have linear complexity in their reverse path computation, potentially leading to slow performance. Exploiting this vulnerability could allow a remote attacker to cause service...

CVSS 5.3, AI score 6.6, EPSS 0.01236
Exploits: 0, References: 10, Affected Software: 10

OSV
added 2023/10/25 8:56 p.m., 40 views

CVE-2023-46137 twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

CVSS 5.3, AI score 5.7, EPSS 0.00766
Exploits: 1, References: 4

CVE
added 2023/10/25 8:56 p.m., 152 views

CVE-2023-46137

Twisted (event-based Python framework) is affected by CVE-2023-46137: before 23.10.0rc1, sending multiple HTTP requests in a single TCP packet could cause twisted.web to process them out of order, enabling an attacker-controlled endpoint to delay a response and manipulate the second response in a...

CVSS 5.3, AI score 5.5, EPSS 0.00766
Exploits: 1, References: 2, Affected Software: 1

OpenVAS
added 2023/10/24 12:0 a.m., 27 views

Fedora: Security Advisory for python-django (FEDORA-2023-9d36d373f1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.9, EPSS 0.02669
Exploits: 0, References: 2

Fedora
added 2023/10/23 1:25 a.m., 38 views

[SECURITY] Fedora 37 Update: python-django-4.1.12-1.fc37

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 7, EPSS 0.02669
Exploits: 0

NVD
added 2023/10/16 9:15 p.m., 20 views

CVE-2023-45128

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

CVSS 10, AI score 9.6, EPSS 0.00313
Exploits: 0, References: 2

NVD
added 2023/10/16 9:15 p.m., 14 views

CVE-2023-45141

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

CVSS 8.8, AI score 8.7, EPSS 0.00265
Exploits: 0, References: 1

Prion
added 2023/10/16 9:15 p.m., 43 views

Cross site request forgery (csrf)

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

CVSS 6.8, AI score 8.9, EPSS 0.00313
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2023/10/16 9:15 p.m., 18 views

Cross site request forgery (csrf)

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

CVSS 6.8, AI score 8.8, EPSS 0.00265
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/10/16 8:48 p.m., 71 views

CVE-2023-45141

CVE-2023-45141 affects the Go framework fiber (Fiber). The CSRF token validation vulnerability arises from improper validation/enforcement of CSRF tokens, with tokens not tied to the original requester allowing token reuse and forged actions. Affected data paths include token handling in fiber/v2...

CVSS 8.8, AI score 8.8, EPSS 0.00265
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2023/10/16 8:48 p.m., 10 views

CVE-2023-45141 CSRF Token Validation Vulnerability in fiber

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

CVSS 8.6, AI score 8.3, EPSS 0.00265
Exploits: 0, References: 3

CVE
added 2023/10/16 8:45 p.m., 94 views

CVE-2023-45128

CVE-2023-45128 affects the Fiber (Go) web framework. The CSRF flaw stems from improper validation/enforcement of CSRF tokens, enabling forged requests without authentication and potentially impacting user actions and data. The issue is addressed in Fiber v2.50.0; upgrading to that version (or lat...

CVSS 10, AI score 9.4, EPSS 0.00313
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2023/10/16 12:0 a.m., 44 views

Ubuntu 18.04 ESM / 20.04 ESM : Symfony vulnerabilities (USN-5290-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5290-1 advisory. James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this...

CVSS 6.5, AI score 6.5, EPSS 0.01712
Exploits: 0, References: 3

Fedora
added 2023/10/15 1:44 a.m., 43 views

[SECURITY] Fedora 38 Update: python-django-4.1.12-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 7.5, EPSS 0.02669
Exploits: 0

CNVD
added 2023/10/07 12:0 a.m., 16 views

File upload vulnerability in mojoPortal

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

CVSS 9.8, AI score 7.8, EPSS 0.01395
Exploits: 1, References: 1