Lucene search
K

3 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:48 p.m.7 views

Security Bulletin:Werkzeug safe_join function allows path segments with Windows device names containing file extensions or trailing spaces

Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly...

6.3CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 6:38 p.m.4 views

CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

4.4CVSS5.9AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2024/12/23 4:15 p.m.6 views

AZL-54650 CVE-2024-56201 affecting package python-jinja2 for versions less than 3.0.3-5

Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability...

8.8CVSS7.5AI score0.00301EPSS
Exploits0References1
Rows per page
Query Builder