90 matches found
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
Denial Of Service (DoS)
Django is vulnerable to denial of service DoS. It does not properly handle HTML entities in the function striptags, causing excessive HTMLParser recursions...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
Django -- multiple vulnerabilities
Django release notes: CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
openSUSE Security Update : lynx (openSUSE-2017-1332)
This update for lynx fixes the following issues : Security issue fixed : - CVE-2017-1000211: Fix use after free in the HTMLparser that can resulting in memory disclosure bsc1068885. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security...
libxml2 - htmlCurrentChar Heap Buffer Overread
libxml2 - htmlCurrentChar Heap Buffer Overread Source: https://code.google.com/p/google-security-research/issues/detail?id=636 The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 2.9.3, released 4 days ago, by feeding a...
libxml2 - xmlDictAddString Heap Buffer Overread
Source: https://code.google.com/p/google-security-research/issues/detail?id=637 The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 2.9.3, released 4 days ago, by feeding a malformed file to xmllint "$ ./xmllint --html...
Apple WebKit build 18794 - WebCore Remote Denial of Service
source: https://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successful exploits will result in...