8 matches found
Sensitive Data Exposure
django-helpdesk is vulnerable to Sensitive Data Exposure. The vulnerability is caused by insecure file permission settings resulting from os.umask(0) in models.py, which allows an attacker to access sensitive files or data that should be protected...
CVE-2018-25111
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py...
django-helpdesk Allows Sensitive Data Exposure
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py...
CVE-2018-25111
django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py...
CVE-2019-17206
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
PYSEC-2019-116
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
CVE-2019-17206
The CVE-2019-17206 entry describes an uncontrolled deserialization of a pickled object in the Frost Ming rediswrapper (Redis Wrapper) code path, specifically in models.py, that existed prior to version 0.3.0. This vulnerability allows an attacker to execute arbitrary scripts due to unsafe pickle ...
Cross-Site Scripting (XSS)
caravel is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the models.py file due to a lack of escaping escape characters...