python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py

A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...

PYSEC-2020-173

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorizedkeys file. This occurs in downloadhttpurl in internal/download.py...

PT-2020-3018 · Curl +7 · Curl +7

Name of the Vulnerable Software and Affected Versions: curl versions 7.20.0 through 7.70.0 Description: The issue exists due to a logical error in handling the Content-Disposition header of an HTTP response. This can allow a remote attacker to overwrite a local file. The vulnerability is related ...

RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

GHSA-8WX2-9Q48-VM9R RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

Reflected File Download

spring-web is vulnerable to reflected file download. The filename attribute that is derived from the user-supplied Content-Disposition header is not validated and sanitized, potentially resulting in the downloaded content of the response to be saved and executed as a file by the user's browser...

CVE-2020-5398

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVE-2020-5398 RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...

CVE-2019-9686

pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U " due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not...

CVE-2019-9686

CVE-2019-9686 affects pacman before 5.1.3. The issue arises when installing a remote package via a URL (pacman -U ): the unsanitized Content-Disposition filename can contain slashes and is used in rename(), enabling a remote attacker to place the file anywhere in the filesystem and potentially ac...

[ASA-201903-7] pacman: arbitrary code execution

Arch Linux Security Advisory ASA-201903-7 ========================================= Severity: High Date : 2019-03-11 CVE-ID : CVE-2019-9686 Package : pacman Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-921 Summary ======= The package pacman before version...

Content Module Denial of Service Vulnerability

The content module is a module for parsing HTTP connection headers. A security vulnerability exists in the content module. An attacker could exploit this vulnerability to cause a denial of service via malicious Content-Type and Content-Disposition headers...

CVE-2017-16111

The content module is a module to parse HTTP Content- headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header...

CVE-2016-5840

hotfixupload.cgi in Trend Micro Deep Discovery Inspector DDI 3.7, 3.8 SP1 3.81, and 3.8 SP2 3.82 allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header...

Apple iOS Webkit Information Disclosure Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A vulnerability in Apple iOS Webkit's handling of the Content-Disposition header that contains type attachments allows attackers to construct malicious web pages that can be parsed by tricking the user in...

UBUNTU-CVE-2015-5921

WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors...

Google Email Application for Android Denial of Service Vulnerability

Google Email Application for Android is a suite of email applications for the Android platform from Google Inc. A security vulnerability in version 4.2.2.0200 of the Google Email Application for Android application allows a remote attacker to send emails containing a specially crafted...

Crashing Google Email App for Android Just By Sending a Malicious Email

A vulnerability has been discovered in the wildly popular Google’s Stock Android Email App, that could be exploited by malicious attackers to remotely crash your smartphone application just by sending a specially crafted email. A Spain security researcher, Hector Marco, successfully exploited the...

CVE-2014-9103

Multiple cross-site scripting XSS vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 index value of an array parameter or the filename parameter in the Content-Disposition header to the 2 file or 3 profile image...