
186 matches found

RedHat Linux
added 2025/04/07 3:15 p.m. · 3 views

cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

7.5 CVSS · 7.3 AI score · 0.02303 EPSS
Exploits 1 · References 7

RedHat Linux
added 2025/04/07 10:54 a.m. · 4 views

cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

7.5 CVSS · 7.3 AI score · 0.02303 EPSS
Exploits 1 · References 7

OSV
added 2025/03/06 12:31 a.m. · 0 views

GHSA-8HMV-92WM-39CH Jenkins Open Redirect vulnerability

Various features in Jenkins redirect users to partially user-controlled URLs inside Jenkins. To prevent open redirect vulnerabilities, Jenkins limits redirections to safe URLs (neither absolute nor scheme-relative/network-path reference). In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier,...

4.3 CVSS · 5.8 AI score · 0.00581 EPSS
Exploits 0 · References 4

OSV
added 2025/01/09 1:15 a.m. · 6 views

ALPINE-CVE-2024-37372

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...

3.6 CVSS · 6.9 AI score · 0.00477 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/09 12:0 a.m. · 5 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. Node.js suffers from a security vulnerability that stems from the permissions model's assumption that any path beginning with two backslashes has an ignorable four-character prefix, a subtle error th...

3.6 CVSS · 6.2 AI score · 0.00477 EPSS
Exploits 0 · References 4

OSV
added 2024/10/08 4:16 p.m. · 4 views

CLSA-2024-1728404213 python2: Fix of CVE-2024-7592

CVE-2024-7592: fix quadratic complexity in parsing cookies with backslashes...

7.5 CVSS · 6.7 AI score · 0.02303 EPSS
Exploits 1 · References 1

OSV
added 2024/10/04 7:47 p.m. · 4 views

CLSA-2024-1728071268 python2: Fix of CVE-2024-7592

CVE-2024-7592: fix quadratic complexity in parsing cookies with backslashes...

7.5 CVSS · 6.7 AI score · 0.02303 EPSS
Exploits 1 · References 1

OSV
added 2024/10/03 6:22 p.m. · 5 views

CLSA-2024-1727979765 python3.9: Fix of 2 CVEs

CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

7.5 CVSS · 6.7 AI score · 0.02303 EPSS
Exploits 3 · References 1

SUSE CVE
added 2024/08/23 2:37 a.m. · 2 views

SUSE CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

2.6 CVSS · 7 AI score · 0.02303 EPSS
Exploits 1 · References 31

OSV
added 2024/08/19 7:15 p.m. · 3 views

ALPINE-CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5 CVSS · 7 AI score · 0.02303 EPSS
Exploits 1 · References 1

OSV
added 2024/08/19 7:15 p.m. · 7 views

AZL-48036 CVE-2024-7592 affecting package tensorflow for versions less than 2.16.1-6

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5 CVSS · 6.8 AI score · 0.02303 EPSS
Exploits 1 · References 1

AlpineLinux
added 2024/08/19 7:6 p.m. · 31 views

CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5 CVSS · 7.3 AI score · 0.02303 EPSS
Exploits 1

Cvelist
added 2024/08/19 7:6 p.m. · 34 views

CVE-2024-7592 Quadratic complexity parsing cookies with backslashes

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

0.02303 EPSS
Exploits 1 · References 10

OSV
added 2024/08/19 7:6 p.m. · 24 views

PSF-2024-9

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5 CVSS · 6.8 AI score · 0.02303 EPSS
Exploits 1 · References 10

SUSE CVE
added 2024/07/10 3:27 a.m. · 5 views

SUSE CVE-2024-37372

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...

3.6 CVSS · 8.6 AI score · 0.00477 EPSS
Exploits 0 · References 6

PyPA
added 2024/06/06 7:16 p.m. · 8 views

PYSEC-2024-108

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...

7.5 CVSS · 6.4 AI score · 0.00881 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-33236 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.0 Description: A path traversal vulnerability exists due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read...

8.7 CVSS · 7.3 AI score · 0.00881 EPSS
Exploits 1 · References 10

RustSec
added 2024/05/22 12:0 p.m. · 8 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8 CVSS · 8 AI score · 0.00816 EPSS
Exploits 0 · Affected Software 1

SUSE CVE
added 2023/04/20 2:27 a.m. · 3 views

SUSE CVE-2005-3747

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...

5 CVSS · 7.2 AI score · 0.04386 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 6:21 a.m. · 3 views

SUSE CVE-2003-1302

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters...

5 CVSS · 7 AI score · 0.01326 EPSS
Exploits 1 · References 4