30 matches found
Design/Logic Flaw
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...
CVE-2020-24584
CVE-2020-24584 affects Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (with Python 3.7+). The intermediate-level directories of the filesystem cache used the system umask instead of 0o077. This can enable permission exposure; on Arch Linux advisories this was described as allow...
CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...
CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...
CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...
UBUNTU-CVE-2020-24584
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077...
Fedora 29 : python38 (2019-d58eb75449)
This is a beta preview of Python 3.8 Python 3.8 is still in development. This release, 3.8.0b4 is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to...
Security update for python-Jinja2 (moderate)
openSUSE Security Update: Security update for python-Jinja2 Announcement ID: openSUSE-SU-2019:0244-1 Rating: moderate References: 858239 Cross-References: CVE-2014-0012 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that fixes one vulnerability is now available...
gVisor runsc Guest -> Host Breakout Via Filesystem Cache Desync
Exploit for linux platform in category dos / poc gVisor runsc guest-host breakout via filesystem cache desync The following writeup describes an attack that can be used to overwrite files in the host filesystem /etc/crontab in my PoC from inside a Docker container that uses gVisor's runsc. I test...
PYSEC-2014-82
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402...