19 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in jinja2

This issue affects the Jinja2 package versions starting from 0.0.0 and earlier than 2.11.3. The ReDoS vulnerability is primarily caused by the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable, as it is used to search for trailing punctuatio...

CVSS 5.3, AI score 6.8, EPSS 0.00207
Exploits: 1, References: 2

NVD
added 2025/11/27 11:15 a.m., 2 views

CVE-2025-13742

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

CVSS 6.1, EPSS 0.00028
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-1697

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.00353
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-41840

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.00289
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-10515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. CVE-2016-10515 Note that...

CVSS 6.1, AI score 6.1, EPSS 0.00353
Exploits: 0, References: 2

OSV
added 2023/01/27 8:43 p.m., 6 views

CVE-2022-39380 wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...

CVSS 5.3, AI score 5.2, EPSS 0.00289
Exploits: 0, References: 3

CNNVD
added 2023/01/27 12:0 a.m., 1 view

Wire security vulnerability

Wire is a chat program from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos as well as its original greeting method PING. A security vulnerability exists in versions of the Wire web-app prior to...

CVSS 5.3, AI score 5.7, EPSS 0.00289
Exploits: 0, References: 2

Positive Technologies
added 2023/01/27 12:0 a.m., 4 views

PT-2023-13724 · Wire · Wire

Name of the Vulnerable Software and Affected Versions: Wire web-app versions prior to 2022-11-02 Description: The issue is related to Improper Handling of Exceptional Conditions in the Wire web-app. Certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HT...

CVSS 5.3, AI score 4.9, EPSS 0.00289
Exploits: 0, References: 4

RedHat Linux
added 2021/11/09 5:54 p.m., 3 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

CVSS 5.3, AI score 7.2, EPSS 0.00207
Exploits: 1, References: 4

RedHat Linux
added 2021/11/09 5:42 p.m., 1 view

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

CVSS 5.3, AI score 7.2, EPSS 0.00207
Exploits: 1, References: 4

RedHat Linux
added 2021/08/24 1:6 p.m., 2 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

CVSS 5.3, AI score 7.2, EPSS 0.00207
Exploits: 1, References: 4

OSV
added 2021/02/01 8:15 p.m., 1 view

AZL-40857 CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.7, EPSS 0.00207
Exploits: 1, References: 1

OSV
added 2021/02/01 8:15 p.m., 2 views

ALPINE-CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.9, EPSS 0.00207
Exploits: 1, References: 1

OSV
added 2021/02/01 8:15 p.m., 2 views

AZL-75813 CVE-2020-28493 affecting package nodejs24 for versions less than 24.13.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 6.7, EPSS 0.00207
Exploits: 1, References: 1

PyPA
added 2021/02/01 8:15 p.m., 6 views

PYSEC-2021-66

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

CVSS 5.3, AI score 8.5, EPSS 0.00207
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2020/09/19 10:23 p.m., 4 views

OPENSUSE-SU-2020:1478-1 Security update for fossil

This update for fossil fixes the following issues: - fossil 2.12.1: CVE-2020-24614: Remote authenticated users with check-in or administrative privileges could have executed arbitrary code boo1175760 Security fix in the 'fossil git export' command. New 'safety-net' features were added to prevent...

CVSS 8.8, AI score 9, EPSS 0.06403
Exploits: 0, References: 4

CNVD
added 2017/10/27 12:0 a.m., 1 view

Redmine cross-site scripting vulnerability (CNVD-2017-31961)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in the Textile and Markdown text formatting and project hom...

CVSS 6.1, AI score 5.9, EPSS 0.00353
Exploits: 0, References: 1

OSV
added 2017/10/18 2:29 a.m., 2 views

UBUNTU-CVE-2016-10515

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...

CVSS 6.1, AI score 6.4, EPSS 0.00353
Exploits: 0, References: 3

OSV
added 2017/10/18 2:29 a.m., 2 views

DEBIAN-CVE-2016-10515

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages...

CVSS 6.1, AI score 6.3, EPSS 0.00353
Exploits: 0, References: 1