183 matches found
CVE-2019-14322
CVE-2019-14322 : Pallets Werkzeug before 0.15.5 is vulnerable to directory traversal via SharedDataMiddleware mishandling drive names (e.g., C:) in Windows pathnames. Exploitation could allow remote attackers to view arbitrary files on the system by crafting a URL with Windows drive references. P...
CVE-2019-14322
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names such as C: in Windows pathnames...
PT-2019-13607
Name of the Vulnerable Software and Affected Versions Pallets Werkzeug versions prior to 0.15.5 Description The issue is related to how SharedDataMiddleware handles drive names, such as C:, in Windows pathnames. This mishandling can lead to potential security issues. Recommendations For versions...
Amazon Linux 2 : python-jinja2 (ALAS-2019-1223)
In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory ALAS-2019-1223. include'compat.inc'; if description scriptid126831; scriptversion"1.3";...
GHSA-5WV5-4VPF-PJ6M Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
Code injection
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
PYSEC-2019-179
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
PYSEC-2019-179
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...
CVE-2019-1010083
CVE-2019-1010083 affects the Pallets Project Flask before 1.0, where crafted encoded JSON data can cause unexpected memory usage leading to denial of service. The fix is upgrading to Flask 1.0 (or later). This entry may overlap with CVE-2018-1000656 per multiple sources.
Important: python-jinja2
Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Ru...
Important: python-jinja2
Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Issue Correction: Run yum update python-jinja2 or yum update --advisory ALAS-2019-1223 to update your system. New Packages: noarch: python26-jinja2-2.7.2-3.16.amzn1.noarch ...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...
python-jinja2: Sandbox escape due to information disclosure via str.format
A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...