PT-2022-20460 · Pypi · Waitress
Name of the Vulnerable Software and Affected Versions: Waitress versions 2.1.0 through 2.1.1. Description: Waitress is a Web Server Gateway Interface server for Python 2 and 3. The issue arises when a thread closes a socket while the main thread is about to call select, leading to the main thread...
Twisted environmental issue vulnerability
Twisted is an event-driven open source web engine written in the Python language. Twisted suffers from an environmental issue vulnerability: prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parses several...
Vimana - An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications
Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks in addition to the generic ones for web, trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework...
datacube-wps (>=0.4.0 <=0.4.8) potentially affected by CVE-2021-39371 via pywps (=4.2.4)
pywps PyPI version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on pywps and may be impacted: - datacube-wps >=0.4.0, <=0.4.8. Source CVEs: CVE-2021-39371. Source advisory: OSV:GHSA-P9WF-3XPG-C9G5...
UBUNTU-CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...
DEBIAN-CVE-2021-39371
An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...
python: CRLF injection via the host part of the url passed to urlopen()
A CRLF injection flaw was discovered in python in the way URLs are handled when making an HTTP/HTTPS connection, e.g. through urlopen or HTTPConnection. An attacker who can control the url parameter passed to the urlopen method in the urllib/urllib2 modules can inject CRLF sequences and HTTP headers by...
Fedora: Security Advisory for python-django (FEDORA-2020-9c6b391162)
The remote host is missing an update for python-django. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Debian DLA-2233-2 : python-django regression update
It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some situations, cause a traceback. Please see for more information. For Debian 8...
Waitress denial of service vulnerability
Waitress is a WSGI (Web Server Gateway Interface) server for Python. A denial of service vulnerability exists in Waitress: specially designed headers containing invalid characters can be sent to consume all available CPU resources...
[SECURITY] Fedora 31 Update: python-django-2.2.9-1.fc31
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
vulhub
Vulhub is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI (Server-Side Template Injection) vulnerability. The target product/service is Flask, a Python web framework. The vulnerability class/vector is SSTI, which allows an attacker to...
Waitress Environmental Vulnerability (CNVD-2020-01313)
Waitress is a WSGI (Web Server Gateway Interface) server for Python. An environmental issue vulnerability exists in Waitress 1.3.1 and earlier versions. The vulnerability stems from an unreasonable environmental factor in a networked system or product. No detailed vulnerability details are provided...
Waitress Environmental Vulnerabilities (CNVD-2020-01314)
Waitress is a WSGI (Web Server Gateway Interface) server for Python. An environmental issue vulnerability exists in Waitress 1.3.1 and earlier versions. The vulnerability stems from an unreasonable environmental factor in a networked system or product. No detailed vulnerability details are provided...
Taking Reputation to Scale: An Iterative Journey with an Agile Approach (Part 2)
In Part 1 of this blog, we shared with you the challenges we had in balancing latency, scalability, and cost for our reputation services. In this blog, we’ll give you some insights into each major iteration along that journey, from the beginning to where we are now. 100 requests per second. Befor...
Fedora Update for python-django FEDORA-2019-647f74ce51
The remote host is missing an update for python-django. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 30 Update: python-django-2.1.9-1.fc30
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
CVE-2019-10633
An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...
[SECURITY] Fedora 29 Update: python-django-2.0.10-1.fc29
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
USN-3726-1: Django vulnerability
Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks...