8 matches found
prompts.chat 安全漏洞
prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Previous versions of prompts.chat, such as 7b81836, had security vulnerabilities. These vulnerabilities stemmed from the absence of an isPrivate check, which could allow unauthorized users to access sensitive data...
Server-side Request Forgery (SSRF)
Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...
OESA-2024-1770 golang security update
The Go Programming Language. Security Fixes: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.CVE-2024-24790...
UBUNTU-CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
AZL-42386 CVE-2024-24790 affecting package msft-golang for versions less than 1.21.6-1
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...