
4 matches found

GitLab Advisory Database
added 2026/03/27 12:0 a.m. | 6 views

AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...

5.7 AI score
Exploits 0 | References 3
CNNVD
added 2023/09/25 12:0 a.m. | 4 views

yt-dlp OS Command Injection Vulnerability

yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. yt-dlp suffers from an operating system command injection vulnerability that stems from not properly escaping special characters...

8.3 CVSS | 7.6 AI score | 0.01292 EPSS
Exploits 1 | References 6
Prion
added 2023/05/30 10:15 p.m. | 17 views

Code injection

JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...

5.8 CVSS | 6.5 AI score | 0.00579 EPSS
Exploits 1 | References 5 | Affected Software 1
Veracode
added 2019/10/07 2:38 a.m. | 49 views

Cross-Site Scripting (XSS)

bootstrap-3-typeahead is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser due to improper escaping of special characters...

6.1 CVSS | 5.2 AI score | 0.01532 EPSS
Exploits 0 | References 6 | Affected Software 1