186 matches found
cpython: python: Uncontrolled CPU resource consumption when in http.cookies module
A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...
GHSA-8HMV-92WM-39CH Jenkins Open Redirect vulnerability
Various features in Jenkins redirect users to partially user-controlled URLs inside Jenkins. To prevent open redirect vulnerabilities, Jenkins limits redirections to safe URLs (neither absolute nor scheme-relative/network-path reference). In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier,...
ALPINE-CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
Node.js Security Vulnerability
Node.js is an open-source, cross-platform JavaScript runtime environment. Node.js has a security vulnerability that stems from the permission model's assumption that any path beginning with two backslashes has an ignorable four-character prefix, a subtle error th...
CLSA-2024-1728404213 python2: Fix of CVE-2024-7592
CVE-2024-7592: fix quadratic complexity in parsing cookies with backslashes...
CLSA-2024-1728071268 python2: Fix of CVE-2024-7592
CVE-2024-7592: fix quadratic complexity in parsing cookies with backslashes...
CLSA-2024-1727979765 python3.9: Fix of 2 CVEs
CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...
SUSE CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
ALPINE-CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
AZL-48036 CVE-2024-7592 affecting package tensorflow for versions less than 2.16.1-6
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
PSF-2024-9
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
SUSE CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
PYSEC-2024-108
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse...
PT-2024-33236 · Parisneo · Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.0 Description: A path traversal vulnerability exists due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read...
Traversal outside working tree enables arbitrary code execution
Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...
SUSE CVE-2005-3747
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...
SUSE CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters...