30 matches found
EUVD-2022-53402
Malicious code in bioql PyPI...
OESA-2024-1889 python-zipp security update
A pathlib-compatible Zipfile object wrapper. A backport of the Path object. Security Fixes: A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an...
Medium: python3.11-setuptools
Issue Overview: A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as...
SUSE CVE-2024-5569
A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the...
AZL-43198 CVE-2024-5569 affecting package python-zipp for versions less than 3.17.0-3
A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the...
UBUNTU-CVE-2024-5569
A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the...
CVE-2024-5569
A Denial of Service DoS vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the...
BIT-GOLANG-2022-32190 Failure to strip relative path components in net/url
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
golang: net/url: JoinPath does not strip relative path components in all circumstances
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack...
Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
golang: net/url: JoinPath does not strip relative path components in all circumstances
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack...
SUSE CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
golang: net/url: JoinPath does not strip relative path components in all circumstances
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack...
Updated golang packages fix security vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVE-2022-27664 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path...
GLSA-202209-26 : Go: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-26 Go: Multiple Vulnerabilities - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal...
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
DEBIAN-CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
Design/Logic Flaw
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...
CVE-2022-32190
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath"https://go.dev", "../go" returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result...