3 matches found
Security Bulletin:ACE Vulnerability in QOS.CH Logback-core 1.5.24: Class Instantiation via Compromised Configuration File
Summary ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a...
Security Bulletin: Promise based HTTP client for the browser and node.js
Summary Axios is vulnerable to Regular Expression Denial of Service ReDoS. When a manipulated string is provided as input to the format method, the regular expression exhibits a time complexity of On^2. Server becomes unable to provide normal service due to the excessive cost and time wasted in...
Security Bulletin: User can inject the suspected code via URL passed
Summary A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to cod...