2 matches found
CVE-2026-48708 OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...
GHSA-8554-JXCW-454Q Webargs mishandles concurrent JSON parsing
An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...