5292 matches found
Fedora: Security Advisory for python-starlette (FEDORA-2021-e7fabd81fb)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DEBIAN-CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
Cross site request forgery (csrf)
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
UBUNTU-CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
CVE-2021-32640
CVE-2021-32640 affects the Node.js ws library. A specially crafted value in the Sec-Websocket-Protocol header can be used to significantly slow down a ws server (resource consumption). The issue is fixed in ws@7.4.6. In vulnerable versions, mitigation includes reducing the maximum length of HTTP ...
CVE-2021-32640 ReDoS in Sec-Websocket-Protocol header
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6...
github ws resource management error vulnerability
github ws is a software application. An easy-to-use, fast-running and thoroughly tested approach to WebSocket client and server implementations. A security vulnerability exists in versions of ws prior to 7.4.6, which stems from a special value in the "Sec-Websocket-Protocol" header that can be us...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.12 bug fix and security update
Red Hat OpenShift Container Platform release 4.7.12 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.7.12. Red Hat Product Security has rated this update as having a security impact of...
[SECURITY] Fedora 34 Update: python-starlette-0.14.2-6.fc34
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building high performance asyncio services. It is production-ready, and gives you the following: Seriously impressive performance. WebSocket support. GraphQL support. In-process background tasks. Startup and shutdown events...
[SECURITY] [DSA 4916-2] prosody regression update
Debian Security Advisory DSA-4916-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2021 https://www.debian.org/security/faq ...
GHSA-3XH2-74W9-5VXM Integer overflow in github.com/gorilla/websocket
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
Integer overflow in github.com/gorilla/websocket
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...
GO-2022-0755 Cross-site request forgery in github.com/rancher/rancher
Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher...
GHSA-XHG2-RVM8-W2JH Rancher Vulnerable to Cross-site Request Forgery (CSRF)
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...