Lucene search
K

46 matches found

RedHat Linux
RedHat Linux
added 2020/03/23 8:54 a.m.3 views

Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...

8.8CVSS7.4AI score0.03191EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/23 8:41 a.m.3 views

Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...

8.8CVSS7.4AI score0.03191EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/23 8:32 a.m.4 views

Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

The Mozilla Foundation Security Advisory describes this flaw as: The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it...

8.8CVSS7.4AI score0.03191EPSS
Exploits1References5
OSV
OSV
added 2020/03/11 12:0 a.m.4 views

UBUNTU-CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...

8.8CVSS7.4AI score0.03191EPSS
Exploits1References7
Atlassian
Atlassian
added 2019/03/29 2:29 p.m.30 views

Copying and pasting Status Macro (or TOC Macro) over https triggers mixed content and breaks certificate trust

h3. Issue Summary Copying and pasting a status macro or TOC over https in the browser will trigger mix content action, it will break the certificate trust on request of: Status macro plugins/servlet/status-macro/placeholder?title=titlehere&colour=Yellow TOC macro...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/08/04 1:6 p.m.33 views

Workbox Plugin loads full HTML of JIRA comment, leads to GC loop of death on large comment

To reproduce: start Confluence with GC logging enabled optional, but helps Link Confluence and JIRA create an issue in JIRA watch it add a large comment to the JIRA issue, e.g. paste a 7.7MB log file between \code\ tags open the workbox in Confluence optional: in network tab of web developer tool...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder