16 matches found
CRLF Injection
Litestar is vulnerable to CRLF Injection. The vulnerability is due to unescaped URL paths during exception logging, which allows an attacker to inject newline characters and forge or manipulate log entries...
Remote Code Execution (RCE)
org.apache.dubbo:dubbo is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure deserialization handling in hessian-lite during exception logging, which allows an attacker to execute malicious code through crafted serialized data...
EUVD-2021-19561
Malware in sbrugna...
EUVD-2025-29452
Malicious code in bioql PyPI...
EUVD-2022-6036
Malicious code in bioql PyPI...
Litestar has potential log injection in exception logging
Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...
GHSA-674P-XV2X-RF3G Litestar has potential log injection in exception logging
Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...
Improper Output Neutralization for Logs
Overview: Litestar is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the exception logging process. An attacker can manipulate log files and forge log entries by...
PT-2025-34323 · Pypi · Litestar
Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats...
Exception logging in Sharepoint app reveals clear-text connection details
None...
Nextcloud: Exception logging in Sharepoint app reveals clear-text connection details
Summary: On exceptions thrown in the context of the SharePoint app, connection credentials may be written to the Nextcloud log in clear text. Steps To Reproduce: Attempt to configure a SharePoint mount in an erroneous way. Supporting Material/References: was files publicly:...
Huawei HarmonyOS Exception Logging Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from configuration and other errors in the network system or product during operation. An...
Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...
Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...
CVE-2012-2712
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2605)
This kernel update fixes the following security problems: - The ftdi_sio driver allowed local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. This requires this driver to be loaded, whi...