44 matches found
Withdrawn: Code Injection in loguru
Withdrawn This advisory has been withdrawn after the maintainers of loguru noted this issue is not a security vulnerability and the CVE has been revoked. We have stopped Dependabot alerts regarding this issue. Original Description In versions of loguru up to and including 0.5.3 a lack of...
in delgan/loguru
Description Loguru is vulnerable to log injection on all logging methods as it is possible to inject newlines "\n" which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result Proof of Concept from loguru...
Privilege Escalation
loguru is vulnerable to privilege escalation. A remote unauthenticated attacker is able to access the sensitive information stored on the log file, due to the incorrect permissions given at the point of file creation...
aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)
loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:GHSA-39PH-WR67-J4XQ...
GHSA-39PH-WR67-J4XQ loguru logs sensitive information
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
loguru logs sensitive information
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
DEBIAN-CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
PYSEC-2022-14
Improper Privilege Management in Conda loguru prior to 0.5.3...
CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
Information disclosure
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)
loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:PYSEC-2022-14...
UBUNTU-CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
PYSEC-2022-14
Improper Privilege Management in Conda loguru prior to 0.5.3...
CVE-2022-0338
CVE-2022-0338 affects Conda’s loguru prior to 0.5.3, with the root cause described as Insertion of Sensitive Information into Log File. The vulnerability leads to potential information disclosure via log files. Affected component is loguru used within Conda; remediation is upgrading to loguru 0.5...
CVE-2022-0338 Insertion of Sensitive Information into Log File in delgan/loguru
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
CVE-2022-0338
Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...
PT-2022-13114 · Loguru +1 · Loguru +1
Name of the Vulnerable Software and Affected Versions: Conda loguru versions prior to 0.5.3 Description: The issue concerns the insertion of sensitive information into log files and improper privilege management in Conda loguru. Recommendations: For versions prior to 0.5.3, update to version 0.5....
loguru 日志信息泄露漏洞
loguru is a Python library. It is used for logging. A log information disclosure vulnerability exists in versions prior to loguru 0.5.3, which stems from improper loguru privilege management...