GHSA-55RJ-X2VC-4WHQ Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
Description: The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...
Malicious Package
Overview: redis-request-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in redis-request-parser (npm)
Source: amazon-inspector c98c3985913e00b5e728a27ab47c68589ba0e478f576fa6ed9aed1c42d229972 The package redis-request-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-1128
Malicious code in redis-request-parser npm...
MAL-2026-71 Malicious code in redis-request-parser (npm)
Source: amazon-inspector c98c3985913e00b5e728a27ab47c68589ba0e478f576fa6ed9aed1c42d229972 The package redis-request-parser was found to contain malicious code. Source: ghsa-malware...
EUVD-2008-4658
Malware in sbrugna...
Malicious Package
Overview: xml-request-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47024 Malicious code in xml-request-parser (npm)
Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in xml-request-parser (npm)
Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-8690
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.10.11. Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...
The vulnerability of the AjpRequestParser class in the ajp-listener component of the Undertow web server allows an attacker to trigger a service failure.
The vulnerability of the AjpRequestParser class in the ajp-listener component of the Undertow web server is related to an uncontrolled resource consumption due to incorrect decoding of request paths. Exploiting this vulnerability can allow a malicious actor to cause service failures...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.21 (RHSA-2018:2742)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2742 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
CVE-2023-37276
CVE-2023-37276 affects aiohttp when used as an HTTP server (aiohttp.Application); vulnerable code is in the llhttp-based HTTP request parser bundled with aiohttp v3.8.4 and earlier. Exploitation can lead to HTTP request smuggling. The issue is addressed in aiohttp 3.8.5; upgrading is recommended....
Schneider Electric Modicon Improper Input Validation (CVE-2018-7761)
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
Fedora 38 : python-django3 (2023-a74513bda8)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a74513bda8 advisory. Security fixes for CVE-2022-24580 and CVE-2023-41323 Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 37 : python-django3 (2023-bde7913e5a)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-bde7913e5a advisory. Security fixes for CVE-2022-24580 and CVE-2023-41323 Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 36 : python-django3 (2023-3d775d93be)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d775d93be advisory. Security fixes for CVE-2022-24580 and CVE-2023-41323 Tenable has extracted the preceding description block directly from the Fedora security advisor...
openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0062-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0062-1 advisory. - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs...
Debian dla-3329 : python-django - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3329 advisory. - Debian LTS Advisory DLA-3329-1 https://www.debian.org/lts/security/...
Resource exhaustion in Django
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for ...