
761 matches found

Positive Technologies
added 2022/01/27 12:0 a.m. · 7 views

PT-2022-2697

Name of the Vulnerable Software and Affected Versions: cURL (affected versions not specified). Description: The issue is related to the implementation of the HSTS (HTTP Strict Transport Security) mechanism in the cURL utility. It could be bypassed if the hostname in the given URL used a trailing dot whi...

9.8 CVSS · 6.6 AI score · 0.26915 EPSS
Exploits 6 · References 293
OSV
added 2022/01/26 9:15 p.m. · 0 views

UBUNTU-CVE-2021-32842

SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that baseDirectory ends with slash. If the baseDirectory is not slash terminated...

5.3 CVSS · 5.8 AI score · 0.00895 EPSS
Exploits 1 · References 4
CNNVD
added 2022/01/26 12:0 a.m. · 3 views

SharpZipLib path traversal vulnerability

SharpZipLib (ziplib, formerly known as NZipLib) is an open source C# compression and decompression library from the ICSharpCode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. SharpZipLib has a security vulnerability th...

5.3 CVSS · 5.9 AI score · 0.00895 EPSS
Exploits 1 · References 3
OSV
added 2022/01/18 8:15 p.m. · 3 views

DEBIAN-CVE-2022-21696

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

4.3 CVSS · 5.4 AI score · 0.00708 EPSS
Exploits 0 · References 1
OSV
added 2022/01/18 8:15 p.m. · 1 views

UBUNTU-CVE-2022-21696

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

4.3 CVSS · 5.8 AI score · 0.00708 EPSS
Exploits 0 · References 4
PyPA
added 2022/01/18 8:15 p.m. · 4 views

PYSEC-2022-47

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the nam...

4.3 CVSS · 6.9 AI score · 0.00708 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/01/18 12:0 a.m. · 3 views

OnionShare input validation error vulnerability

OnionShare is an open source tool for securely and anonymously sharing files, hosting websites, and chatting with friends using the Tor network. OnionShare is vulnerable to an input validatio...

4.3 CVSS · 5.6 AI score · 0.00708 EPSS
Exploits 0 · References 3
OSV
added 2021/12/09 7:9 p.m. · 2 views

GHSA-V6RH-HP5X-86RV Potential bypass of an upstream access control based on URL paths in Django

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy...

7.3 CVSS · 7.1 AI score · 0.02295 EPSS
Exploits 0 · References 11
OSV
added 2021/12/08 12:15 a.m. · 2 views

DEBIAN-CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.3 CVSS · 7.2 AI score · 0.02295 EPSS
Exploits 0 · References 1
PyPA
added 2021/12/08 12:15 a.m. · 4 views

PYSEC-2021-439

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5 CVSS · 6.9 AI score · 0.02295 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2021/12/08 12:15 a.m. · 3 views

PYSEC-2021-439

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5 CVSS · 5.9 AI score · 0.02295 EPSS
Exploits 0 · References 5
Debian CVE
added 2021/12/07 10:55 p.m. · 25 views

CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5 CVSS · 7.3 AI score · 0.02295 EPSS
Exploits 0
OSV
added 2021/12/07 12:25 p.m. · 0 views

USN-5178-1 python-django vulnerability

Sjoerd Job Postmus and TengMA discovered that Django incorrectly handled URLs with trailing newlines. A remote attacker could possibly use this issue to bypass certain access controls...

7.5 CVSS · 7.1 AI score · 0.02295 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/12/07 12:0 a.m. · 6 views

PT-2021-24086 · Django +4

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.25; Django versions 3.1 before 3.1.14; Django versions 3.2 before 3.2.10. Description: HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low...

9.8 CVSS · 6.8 AI score · 0.49246 EPSS
Exploits 4 · References 551
Tenable Nessus
added 2021/11/17 12:0 a.m. · 32 views

EulerOS Virtualization 2.9.0 : python-jinja2 (EulerOS-SA-2021-2788)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre...

5.3 CVSS · 7.1 AI score · 0.03546 EPSS
Exploits 1 · References 2
OSV
added 2021/11/05 6:15 p.m. · 2 views

DEBIAN-CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8 CVSS · 7.6 AI score · 0.02542 EPSS
Exploits 1 · References 1
UbuntuCve
added 2021/11/05 6:15 p.m. · 45 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8 CVSS · 7.1 AI score · 0.02542 EPSS
Exploits 1 · References 2
OSV
added 2021/11/05 6:15 p.m. · 2 views

UBUNTU-CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8 CVSS · 7.1 AI score · 0.02542 EPSS
Exploits 1 · References 3
Cvelist
added 2021/11/05 12:0 a.m. · 26 views

CVE-2021-35368

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.6 AI score · 0.02542 EPSS
Exploits 1 · References 8
CNNVD
added 2021/10/11 12:0 a.m. · 2 views

Phpfusion cross-site scripting vulnerability

PHPFusion is a lightweight open source content management system. A cross-site scripting vulnerability exists in the descript function in PHPFusion version 9.03.110. An attacker could exploit this vulnerability by appending "//" to the end of the text to conduct a cross-site scripting attack...

6.1 CVSS · 5.9 AI score · 0.00552 EPSS
Exploits 1 · References 2