29 matches found
Malicious Package
Overview address-validator is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
GHSA-XJ62-87PG-VCV3 Regular Expression Denial of Service in jshamcrest
The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept js var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...
PT-2019-8300 · Pylons · Pylons Colander
Name of the Vulnerable Software and Affected Versions: Pylons Colander versions prior to 1.7 Description: The issue allows an attacker to potentially cause a denial of service via an unclosed parenthesis in the URL validator, which can lead to an infinite loop. Recommendations: For versions prior...
address-validator.net XSS vulnerability
Open Bug Bounty ID: OBB-457890 Description| Value ---|--- Affected Website:| address-validator.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
The vulnerability of the Apache Struts software platform, which allows a hacker to trigger a service failure
The vulnerability of the URLValidator class in the Apache Struts software framework exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure by using a null value in the URL field...
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04089)
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...
DEBIAN-CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
PYSEC-2015-10
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
PYSEC-2015-10
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...