5 matches found
imagemeta 安全漏洞
imagemeta is a Go library by the individual developer Bjørn Erik Pedersen. It is used to read EXIF, IPTC and XMP image metadata from JPEG, TIFF, PNG and WebP files. A security vulnerability exists in versions prior to imagemeta v0.10.0 that stems from an unrestricted number and size of EXIF data...
CVE-2024-45412
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
Yeti Platform 安全漏洞
Yeti Platform is a daily threat intelligence platform open-sourced by Yeti Platform. A security vulnerability exists in Yeti Platform versions prior to 2.1.11, which stems from a denial-of-service attack in which remote user-controlled data tags can be Unicode normalized via the compatibility for...
PT-2024-31615 · Yeti · Yeti
Name of the Vulnerable Software and Affected Versions: Yeti versions prior to 2.1.11 Description: The issue concerns a denial of service vulnerability. Remote user-controlled data tags can lead to Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in...
Ruby on Rails: Data-Tags and the New HTML Sanitizer Subverts CSRF protection
Possible XSS vulnerability in rails-html-sanitizer There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2015-7578. Versions Affected: All. Not affected: None. Fixed Versions: 1.0.3 Impact ------ There is a possible XSS...