21 matches found
EUVD-2023-0828
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-28117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentr...
CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2023-28117
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
GHSA-5XH2-23CC-5JC6 Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
Insufficient Type Distinction
Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. An attacker can access unauthorized data by queryin...
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations Django, SQLAlchemy, Pydantic. The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node...
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...
GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql
Impact Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...
PYSEC-2024-171
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...
FreeBSD : py39-sentry-sdk -- sensitive cookies leak (15dae5cc-9ee6-4577-a93e-2ab57780e707)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 15dae5cc-9ee6-4577-a93e-2ab57780e707 advisory. - Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the...
CVE-2023-28117
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
Design/Logic Flaw
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
CVE-2023-28117
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
CVE-2023-28117
CVE-2023-28117 affects the Sentry SDK for Python (Django integration) prior to 1.14.0. When sendDefaultPII is True and a custom SESSION_COOKIE_NAME or CSRF_COOKIE_NAME is used, cookies (including session cookies) can be leaked to Sentry, potentially enabling impersonation or privilege escalation ...
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...
GHSA-29PR-6JR8-Q5JM Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...