57 matches found
CVE-2016-10893
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests...
EUVD-2021-1793
Malware in sbrugna...
EUVD-2023-54732
Malicious code in bioql PyPI...
EUVD-2022-49942
Malicious code in bioql PyPI...
CVE-2023-4893
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2022-47167
Cross-Site Request Forgery CSRF vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin = 2.8.4 versions...
CVE-2020-35889
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike...
GHSA-XFHW-6MC4-MGXF crayon: ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
crayon-audio (>=0.6.0 <=0.7.1) potentially affected by unknown CVE via crayon (>=0.6.0 <=0.7.1)
crayon CARGO version =0.6.0, =0.6.0, =0.7.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XFHW-6MC4-MGXF...
crayon: ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
crayon-audio (>=0.6.0 <=0.7.1) potentially affected by unknown CVE via crayon (>=0.6.0 <=0.7.1)
crayon CARGO version =0.6.0, =0.6.0, =0.7.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0018...
RUSTSEC-2024-0018 ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
CVE-2023-4893
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
Server side request forgery (ssrf)
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893 Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893 Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery
The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
CVE-2023-4893
The CVE-2023-4893 entry concerns the Crayon Syntax Highlighter WordPress plugin. A SSRF vulnerability exists via the crayon shortcode in versions up to and including 2.8.4, allowing authenticated attackers with contributor-level permissions or higher to make web requests from the affected site to...
WordPress plugin Crayon Syntax Highlighter Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Server Side Request Forgery (SSRF)
Software Crayon Syntax Highlighter Type Plugin Vulnerable versions = 2.8.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-4893 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 21b930dce2bc Credits Lana Codes...