19 matches found
MiracleLinux 4 : python27-python-2.7.16-6.0.1.AXS4 (AXSA:2019-3987:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3987:01 advisory. python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160); python: undocumented localfile protocol...
SUSE CVE-2019-10856
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...
Important: Red Hat Security Advisory: python27-python security update
An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
Jupyter Notebook Open Redirect Vulnerability
Jupyter Notebook is an open source web application that lets you create and share documents containing live code, equations, visualizations, and narrative text. An open redirection vulnerability exists in Jupyter Notebook versions prior to 5.7.8. An attacker can exploit this vulnerability via emp...
PYSEC-2019-158
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
Open redirect
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
PYSEC-2019-158
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...
PT-2019-12060 · Project Jupyter +2 · Jupyter Notebook +2
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 5.7.8 Description: The issue is related to an open redirect that can occur due to an empty netloc. This problem exists because of an incomplete fix for a previously identified issue. Recommendations: For...
Analysis of two Django URL redirect vulnerabilities: CVE-2017-7233 & 7234 - vulnerability warning - the black bar safety net
On April 4, Django's official News & Events page released a security update that fixes two URL redirect vulnerabilities: one is the fault of urlparse, the other was reported by long Dinh tech security researcher phithon; both are very elegant. Because there are replicate Django vulnerability of habit, the evening pumping up...
Bypass of Django's is_safe_url() URL redirect filter function (CVE-2017-7233)
Source: same thread safety Emergency Response Center. Author: Nearg1e@YSRC. Foreign security researcher roks0n reported a vulnerability to the Django project. About the is_safe_url function: Django ships with a function: django.utils.http.is_safe_url(url, host=None, allowed_hosts=None, require_https=False)...