11 matches found
EUVD-2025-20997
Malicious code in bioql PyPI...
EUVD-2024-3462
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-12397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an...
CVE-2025-27219
CVE-2025-27219 : In the CGI gem for Ruby, the CGI::Cookie.parse method (Ruby CGI library) has a Denial of Service vulnerability due to no limit on the length of the raw cookie value processed. This can lead to excessive resource consumption when parsing extremely large cookies. Connected referenc...
BIT-PYTHON-MIN-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-790)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-790 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot...
CVE-2024-12397
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorize...
AZL-53624 CVE-2024-52804 affecting package python-tornado 6.2.0-1
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
undertow: Cookie Smuggling/Spoofing
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized da...
GHSA-PX8H-6QXV-M22Q Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain. Werkzeug = 2.2.2 will parse the cookie =Host-test=bad as...
CVE-2023-23934 Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...