Lucene search
K

44 matches found

Github Security Blog
Github Security Blog
added 2022/01/28 10:1 p.m.26 views

Withdrawn: Code Injection in loguru

Withdrawn This advisory has been withdrawn after the maintainers of loguru noted this issue is not a security vulnerability and the CVE has been revoked. We have stopped Dependabot alerts regarding this issue. Original Description In versions of loguru up to and including 0.5.3 a lack of...

1.6AI score
Exploits0References6Affected Software1
Huntr
Huntr
added 2022/01/27 4:28 a.m.7 views

in delgan/loguru

Description Loguru is vulnerable to log injection on all logging methods as it is possible to inject newlines "\n" which will create a new log entry in the logfile. This can lead to attackers tampering with logs and a loss of integrity of the log files as a result Proof of Concept from loguru...

2AI score0.01268EPSS
Exploits1References2
Veracode
Veracode
added 2022/01/26 5:52 a.m.19 views

Privilege Escalation

loguru is vulnerable to privilege escalation. A remote unauthenticated attacker is able to access the sensitive information stored on the log file, due to the incorrect permissions given at the point of file creation...

4.3CVSS3.5AI score0.00758EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/26 12:1 a.m.4 views

aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)

loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:GHSA-39PH-WR67-J4XQ...

4.3CVSS5.8AI score0.00758EPSS
Exploits1
OSV
OSV
added 2022/01/26 12:1 a.m.2 views

GHSA-39PH-WR67-J4XQ loguru logs sensitive information

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

5.3CVSS5.9AI score0.00758EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/01/26 12:1 a.m.23 views

loguru logs sensitive information

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS5.9AI score0.00758EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/01/25 9:15 a.m.32 views

CVE-2022-0338

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS0.00758EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/25 9:15 a.m.7 views

CVE-2022-0338

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS5.4AI score0.00758EPSS
Exploits1References3
OSV
OSV
added 2022/01/25 9:15 a.m.3 views

DEBIAN-CVE-2022-0338

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS4.8AI score0.00758EPSS
Exploits1References1
PyPA
PyPA
added 2022/01/25 9:15 a.m.7 views

PYSEC-2022-14

Improper Privilege Management in Conda loguru prior to 0.5.3...

4.3CVSS6.9AI score0.00758EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/01/25 9:15 a.m.22 views

CVE-2022-0338

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS5.8AI score0.00758EPSS
Exploits1References2
Prion
Prion
added 2022/01/25 9:15 a.m.19 views

Information disclosure

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4CVSS4.5AI score0.00758EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/25 9:15 a.m.4 views

aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)

loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:PYSEC-2022-14...

4.3CVSS5.8AI score0.00758EPSS
Exploits1
OSV
OSV
added 2022/01/25 9:15 a.m.4 views

UBUNTU-CVE-2022-0338

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS5.8AI score0.00758EPSS
Exploits1References3
OSV
OSV
added 2022/01/25 9:15 a.m.17 views

PYSEC-2022-14

Improper Privilege Management in Conda loguru prior to 0.5.3...

4.3CVSS5.9AI score0.00758EPSS
Exploits1References3
CVE
CVE
added 2022/01/25 9:0 a.m.61 views

CVE-2022-0338

CVE-2022-0338 affects Conda’s loguru prior to 0.5.3, with the root cause described as Insertion of Sensitive Information into Log File. The vulnerability leads to potential information disclosure via log files. Affected component is loguru used within Conda; remediation is upgrading to loguru 0.5...

4.3CVSS4.8AI score0.00758EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/01/25 9:0 a.m.40 views

CVE-2022-0338 Insertion of Sensitive Information into Log File in delgan/loguru

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS4.8AI score0.00758EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2022/01/25 9:0 a.m.56 views

CVE-2022-0338

Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3...

4.3CVSS4.5AI score0.00758EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/01/25 12:0 a.m.5 views

PT-2022-13114 · Loguru +1 · Loguru +1

Name of the Vulnerable Software and Affected Versions: Conda loguru versions prior to 0.5.3 Description: The issue concerns the insertion of sensitive information into log files and improper privilege management in Conda loguru. Recommendations: For versions prior to 0.5.3, update to version 0.5....

5.3CVSS4.3AI score0.00758EPSS
Exploits1References16
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.8 views

loguru 日志信息泄露漏洞

loguru is a Python library. It is used for logging. A log information disclosure vulnerability exists in versions prior to loguru 0.5.3, which stems from improper loguru privilege management...

4.3CVSS5AI score0.00758EPSS
Exploits1References3
Rows per page
Query Builder