773 matches found
[SECURITY] Fedora 36 Update: GitPython-3.1.30-1.fc36
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...
[SECURITY] Fedora 37 Update: GitPython-3.1.30-1.fc37
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...
CVE-2022-23485
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
Design/Logic Flaw
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
PYSEC-2022-43011
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
CVE-2022-23485
CVE-2022-23485 affects the Sentry Python library prior to 22.11.0. An attacker with a known valid invite link could manipulate a cookie to reuse the same invite across multiple accounts when joining an organization, enabling creation of multiple users and unauthorized organization membership. The...
CVE-2022-23485 Invite code reuse via cookie manipulation in sentry
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
CVE-2022-23485 Invite code reuse via cookie manipulation in sentry
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
GHSA-M8XW-9X5X-6VH3 py7zr directory traversal vulnerability
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
CVE-2022-44900
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
CVE-2022-44900
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
Directory traversal
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
CVE-2022-44900
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
CVE-2022-44900
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
CVE-2022-44900
CVE-2022-44900 : A directory traversal vulnerability in the Python py7zr library (v0.20.0 and earlier) affects SevenZipFile.extractall(), allowing an attacker to write arbitrary files when extracting crafted 7z archives. The issue is documented across multiple advisories (Ubuntu, Debian, OpenVAS,...
CVE-2022-44900
A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...
Unblob - Extract Files From Any Kind Of Container Formats
unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats , extracts their content recursively , and carves out unknown chunks that have not been accounted for. Unblob is free to use ,...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +453 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: SNYK:PYTHON-GITPYTHON-3113858...
CVE-2022-44053
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-42969
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled...