Lucene search
K

183 matches found

CVE
CVE
added 2019/07/28 12:36 p.m.269 views

CVE-2019-14322

CVE-2019-14322 : Pallets Werkzeug before 0.15.5 is vulnerable to directory traversal via SharedDataMiddleware mishandling drive names (e.g., C:) in Windows pathnames. Exploitation could allow remote attackers to view arbitrary files on the system by crafting a URL with Windows drive references. P...

7.5CVSS7.3AI score0.55526EPSS
Exploits7References2Affected Software1
Cvelist
Cvelist
added 2019/07/28 12:36 p.m.22 views

CVE-2019-14322

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names such as C: in Windows pathnames...

7.5AI score0.55526EPSS
Exploits7References2
Positive Technologies
Positive Technologies
added 2019/07/28 12:0 a.m.6 views

PT-2019-13607

Name of the Vulnerable Software and Affected Versions Pallets Werkzeug versions prior to 0.15.5 Description The issue is related to how SharedDataMiddleware handles drive names, such as C:, in Windows pathnames. This mishandling can lead to potential security issues. Recommendations For versions...

7.5CVSS7.1AI score0.55526EPSS
Exploits7References13
Tenable Nessus
Tenable Nessus
added 2019/07/22 12:0 a.m.30 views

Amazon Linux 2 : python-jinja2 (ALAS-2019-1223)

In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux 2 Security Advisory ALAS-2019-1223. include'compat.inc'; if description scriptid126831; scriptversion"1.3";...

8.6CVSS8.7AI score0.03492EPSS
Exploits0References2
OSV
OSV
added 2019/07/19 4:12 p.m.57 views

GHSA-5WV5-4VPF-PJ6M Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

8.7CVSS7.4AI score0.01884EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2019/07/19 4:12 p.m.43 views

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

7.5CVSS7.5AI score0.01884EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2019/07/19 12:0 a.m.39 views

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...

7.5CVSS7.4AI score0.03855EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2019/07/17 2:15 p.m.25 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS7.5AI score0.01884EPSS
Exploits1References1
OSV
OSV
added 2019/07/17 2:15 p.m.33 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS7.5AI score
Exploits0References1
Prion
Prion
added 2019/07/17 2:15 p.m.25 views

Code injection

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

5CVSS7.4AI score0.03855EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2019/07/17 2:15 p.m.8 views

PYSEC-2019-179

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS6.9AI score0.03855EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/07/17 2:15 p.m.63 views

PYSEC-2019-179

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS5.9AI score0.01884EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/07/17 2:15 p.m.44 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS6.7AI score0.01884EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/07/17 1:59 p.m.33 views

CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.4AI score0.01884EPSS
Exploits1References1
CVE
CVE
added 2019/07/17 1:59 p.m.117 views

CVE-2019-1010083

CVE-2019-1010083 affects the Pallets Project Flask before 1.0, where crafted encoded JSON data can cause unexpected memory usage leading to denial of service. The fix is upgrading to Flask 1.0 (or later). This entry may overlap with CVE-2018-1000656 per multiple sources.

7.5CVSS7.3AI score0.01884EPSS
Exploits1References1Affected Software1
Amazon
Amazon
added 2019/06/11 12:0 a.m.33 views

Important: python-jinja2

Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Ru...

8.6CVSS8.9AI score0.03492EPSS
Exploits0
Amazon
Amazon
added 2019/06/11 12:0 a.m.222 views

Important: python-jinja2

Issue Overview: In Pallets Jinja, str.format allows a sandbox escape. CVE-2016-10745 Affected Packages: python-jinja2 Issue Correction: Run yum update python-jinja2 or yum update --advisory ALAS-2019-1223 to update your system. New Packages: noarch: python26-jinja2-2.7.2-3.16.amzn1.noarch ...

8.6CVSS8.9AI score0.03492EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/05/22 12:3 p.m.11 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/16 12:57 p.m.7 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/07 5:13 p.m.6 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
Rows per page
Query Builder