5 matches found
CLSA-2024-1730133909 Fix CVE(s): CVE-2023-27043
SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - CVE-2023-27043...
CLSA-2024-1729628050 Fix CVE(s): CVE-2023-27043
SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - debian/patches/fix-urllib2-test.patch: Fix error in...
CLSA-2024-1729627400 Fix CVE(s): CVE-2023-27043
SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - debian/patches/fix-urllib2-test.patch: Fix error in...
private_address_check ruby gem security restriction bypass vulnerability
privateaddresscheck ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A security restriction bypass vulnerability exists in the privateaddresscheck ruby gem prior to version 0.4.0, which stems from the program's use of Ruby's Resolv.getaddresses method. An attacker...
Ruby: Resolv::getaddresses bug that can be abused to bypass security measures.
Description Resolv::getaddresses is OS-dependent, therefore by playing around with different IP formats one can return blank values. This bug can be abused to bypass exclusion lists often used to protect against SSRF. | š» Machine 1 | š» Machine 2 | |--------------|---------------| | ruby 2.3.3p222...