
3 matches found

BDU FSTEC
added 2024/11/11 12:0 a.m., 4 views

A vulnerability in the os.path.normpath() function of the Python interpreter allows permission checks to be bypassed when a path is shortened by inserting a zero byte. This allows an attacker to compromise the integrity of protected information.

The vulnerability of the os.path.normpath function in the Python interpreter relates to the handling of permission lists when shortening a path by inserting a zero byte. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity of protected information...

CVSS 7.8 | AI score 7.4 | EPSS 0.02187
Exploits 0 | References 9 | Affected Software 5

OSV
added 2024/08/14 8:12 p.m., 15 views

CVE-2024-42353 WebOb's location header normalization during redirect leads to open redirect

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00497
Exploits 1 | References 4

OSV
added 2023/02/16 6:15 p.m., 1 views

DEBIAN-CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

CVSS 7.5 | AI score 7 | EPSS 0.01304
Exploits 0 | References 1