Lucene search

59 matches found

Positive Technologies
added 2024/02/05 12:0 a.m. · 2 views

PT-2024-2754 · Undici · Undici

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 6.6.1
Description: The issue is related to the fetch function of the Undici HTTP/1.1 client for Node.js, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to cause a denia...

CVSS 7.8 · AI score 6.9 · EPSS 0.00351
Exploits 0 · References 18

Github Security Blog
added 2023/10/19 3:31 p.m. · 63 views

React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not...

CVSS 6.5 · AI score 6.9 · EPSS 0.00092
Exploits 0 · References 6 · Affected Software 1

Vulnrichment
added 2022/09/30 4:21 a.m. · 5 views

CVE-2022-41844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088...

AI score 5.5 · EPSS 0.00066
Exploits 1 · References 3

Github Security Blog
added 2022/05/14 3:46 a.m. · 17 views

Smarty PHP code injection

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

CVSS 9.8 · AI score 7.1 · EPSS 0.00636
Exploits 0 · References 6 · Affected Software 1

OSV
added 2022/04/19 5:15 p.m. · 6 views

CVE-2022-25648

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVSS 9.8 · AI score 9.9
Exploits 0 · References 7

Debian CVE
added 2022/04/19 4:35 p.m. · 44 views

CVE-2022-25648

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVSS 9.8 · AI score 9.9 · EPSS 0.05735
Exploits 1

NVD
added 2021/07/21 6:15 p.m. · 12 views

CVE-2020-19464

An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

CVSS 5.5 · EPSS 0.00161
Exploits 1 · References 2

OSV
added 2018/06/11 9:29 p.m. · 1 views

DEBIAN-CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

CVSS 5.9 · AI score 8.2 · EPSS 0.01281
Exploits 0 · References 1

OSV
added 2018/01/03 6:29 p.m. · 1 views

UBUNTU-CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

CVSS 9.8 · AI score 7.4 · EPSS 0.00636
Exploits 0 · References 3

OSV
added 2018/01/03 6:29 p.m. · 22 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

CVSS 9.8 · AI score 9.9
Exploits 0 · References 4

Prion
added 2018/01/03 6:29 p.m. · 16 views

Code injection

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

CVSS 7.5 · AI score 9.5 · EPSS 0.00636
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2018/01/03 6:0 p.m. · 17 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

AI score 8.7 · EPSS 0.00636
Exploits 0 · References 4

seebug.org
added 2015/02/05 12:0 a.m. · 41 views

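ThinkSNS arbitrary code execution vulnerability

Brief description: Code execution vulnerability. Detailed description: Vulnerable file: /addons/widget/FeedListWidget/FeedlistWidget.class.php. Vulnerable function: getData. The getData function is located in /addons/widget/FeedListWidget/FeedlistWidget.class.php and calls the renderFile function at line 262 to render the template. private function getData($var, $tpl = 'FeedList.html') { $var['feedkey'] = t($var['feedkey']); $var['cancomment'] =...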

AI score 7.1
Exploits 0

OSV
added 2012/08/27 11:55 p.m. · 0 views

UBUNTU-CVE-2012-3420

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the pmGetPDU...

CVSS 5 · AI score 5.8 · EPSS 0.035
Exploits 0 · References 2

Prion
added 2007/07/09 4:30 p.m. · 14 views

Design/Logic Flaw

Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."...

CVSS 5 · AI score 7 · EPSS 0.00376
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2007/07/09 4:0 p.m. · 16 views

CVE-2007-3628

Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."...

AI score 6.5 · EPSS 0.00376
Exploits 0 · References 3

CVE
added 2007/07/09 4:0 p.m. · 39 views

CVE-2007-3628

CVE-2007-3628 affects PEAR Structures-DataGrid-DataSource-MDB2 up to version 0.1.9, specifically the fetch function in MDB2.php. The vulnerability allows attackers to manipulate generated sorting queries. The connected documents confirm the affected component and the general impact, but do not pr...

CVSS 5 · AI score 6.5 · EPSS 0.00376
Exploits 0 · References 3 · Affected Software 1

Debian CVE
added 2005/10/27 4:0 a.m. · 23 views

CVE-2005-3330

The httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function...

CVSS 7.5 · AI score 6.7 · EPSS 0.23773
Exploits 1

Cvelist
added 2005/10/27 4:0 a.m. · 20 views

CVE-2005-3330

The httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function...

AI score 7.6 · EPSS 0.23773
Exploits 1 · References 17