14 matches found
EUVD-2022-29984
Malicious code in bioql PyPI...
EUVD-2023-29979
Malicious code in bioql PyPI...
EUVD-2023-29978
Malicious code in bioql PyPI...
CVE-2023-26137
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
Design/Logic Flaw
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n carriage return line feeds characters to end the HTTP response headers and...
Crlf injection
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent...
CVE-2023-26137
The CVE-2023-26137 entry concerns drogOnframework/drogon (C++) and describes an HTTP Response Splitting vulnerability. Untrusted user input used to build header values in addHeader/addCookie can inject CRLF sequences (\r\n) to terminate HTTP headers and inject malicious content. The threat is des...
CVE-2023-26138
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n carriage return line feeds characters and inject additional headers in the request sent...
CVE-2023-26138
The CVE-2023-26138 entry concerns drogonframework/drogon with a CRLF Injection vulnerability in the addHeader function. Untrusted user input used to set request headers can insert \r\n characters, enabling injection of additional headers into outgoing requests. Several sources (NVD, Red Hat, PRio...
CVE-2022-25297
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
CVE-2022-25297
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
Design/Logic Flaw
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
CVE-2022-25297
CVE-2022-25297 affects the Drogon framework (drogon) before 1.7.5. The vulnerability arises from unsafe handling of file names during uploads in HttpFile::save(), allowing an attacker to write files to arbitrary locations outside the target directory. Impact is partial to high depending on contex...
CVE-2022-25297 Arbitrary File Write
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...