254 matches found
OESA-2024-2475 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper santization within the mlflow.data.httpdatasetsource.py module, when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an attack...
CVE-2024-0520
CVE-2024-0520 affects mlflow/mlflow v8.2.1, enabling remote code execution via command injection in mlflow.data.http_dataset_source.py when loading an HTTP URL dataset. The filename gathered from Content-Disposition or URL path is used to form the final file path without proper sanitization, allo...
RHEL 7 : python-pip (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-pip: when --extra-index-url option is used and package does not already exist in the public index,...
DEBIAN-CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
Roundcube Cross-Site Scripting Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube versions prior to 1.5.6, 1.6.5, and 1.6.5, which originates from allowing cross-site scripting...
CVE-2023-41318 Unsafe media served inline on download endpoints in matrix-media-repo
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...
PT-2023-27903 · Unknown · Matrix Media Repo
Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0 Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...
CVE-2023-29401
A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition...
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
Design/Logic Flaw
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
CVE-2023-29401
CVE-2023-29401 affects the Gin web framework (Context.FileAttachment filename handling). A maliciously crafted filename can make Content-Disposition header use an unexpected name, potentially serving a file with a name different from the one provided. The CVE is scored 4.3 (MEDIUM) with network a...
CVE-2023-29401
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
Gin 安全漏洞
Gin is a small JavaScript Markdown editor built with Electron by Marius Küng, a personal developer. Gin suffers from a security vulnerability that stems from an improperly cleaned filename parameter in the Context.FileAttachment function, which can be exploited by an attacker to modify the...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...
CVE-2023-29539
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox 112, Focus f...