5 matches found
CVE-2020-7694
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...
aiida-graphql (>=0.0.1 <=0.0.2), annhub-python (>=0.1.5 <=0.1.6) +31 more potentially affected by CVE-2020-7694 via uvicorn (>=0.10.0 <=0.11.5)
uvicorn PYPI version =0.10.0, =0.0.1, =0.1.5, =1.0.0, =22.70.0, =0.31.0, =0.0.14, =0.8.0, =2.0.0, =1.0.0a1, =0.0.2, =0.0.1a0, =0.0.1a1 and more Source cves: CVE-2020-7694 Source advisory: OSV:PYSEC-2020-150...
CVE-2020-7694 Log Injection
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...
CVE-2020-7694
This CVE affects all versions of uvicorn. The request logger is vulnerable to ASNI escape sequence injection: when handling HTTP requests, the logger logs the URL after urllib.parse.unquote processes percent-encoded characters, enabling special-meaning ANSI codes to affect terminal emulators disp...
aiida-graphql (>=0.0.1 <=0.0.2), annhub-python (>=0.1.5 <=0.1.6) +31 more potentially affected by CVE-2020-7694 via uvicorn (>=0.10.0 <=0.11.5)
uvicorn PYPI version =0.10.0, =0.0.1, =0.1.5, =1.0.0, =22.70.0, =0.31.0, =0.0.14, =0.8.0, =2.0.0, =1.0.0a1, =0.0.2, =0.0.1a0, =0.0.1a1 and more Source cves: CVE-2020-7694 Source advisory: SNYK:PYTHON-UVICORN-575560...