271 matches found
Symlink Attack
tar is vulnerable to a symlink attack. The vulnerability exists due to a lack of checking whether the symbolic link has been modified, through logic that used both \ and / characters as path separators...
python-pip: Incorrect handling of unicode separators in git references
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
MGASA-2021-0401 Updated dino packages fix security vulnerability
Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators CVE-2021-33896...
OESA-2021-1284 python-pip security update
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. Security Fixes: A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a...
SUSE-SU-2021:2441-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of Unicode separators in git references (bsc#1186819)...
[ASA-202107-35] dino: directory traversal
Arch Linux Security Advisory ASA-202107-35. Severity: Medium; Date: 2021-07-20; CVE-ID: CVE-2021-33896; Package: dino; Type: directory traversal; Remote: Yes; Link: https://security.archlinux.org/AVG-2043. Summary: The package dino before version...
SUSE-SU-2021:2304-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of Unicode separators in git references (bsc#1186819)...
CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
DEBIAN-CVE-2021-33896
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
Directory traversal
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...
Dino Path Traversal Vulnerability
Dino is an open-source desktop chat client from the Dino team. Dino has a path traversal vulnerability: versions prior to 0.1.2 and 0.2 fail to properly filter special elements in the path of a resource or file. An attacker could use this...
AZL-44862 CVE-2020-28469 affecting package js-jquery 3.5.0-4
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
CVE-2021-3572
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
Ubuntu: Security Advisory (USN-4961-1)
The remote host is missing an update for the...
USN-4961-1 python-pip vulnerability
It was discovered that pip incorrectly handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository...
SUSE: Security Advisory (SUSE-SU-2019:2890-1)
The remote host is missing an update for the...