3 matches found
PYSEC-2024-236
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...
Integer Overflow to Buffer Overflow
Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow vi DFAContentModel::countLeafNodes and DFAContentModel::buildDFA. An attacker can cause out-of-bound access by sending a specially crafted HTTP request. Remediation Upgrade xerces-c to version 3.2.4 o...
PT-2020-17854 · Helm +1 · Helm +1
Name of the Vulnerable Software and Affected Versions: Helm versions 3.0.0 through 3.2.3 Description: A path traversal attack is possible when installing Helm plugins from a tar archive over HTTP, allowing a malicious plugin author to inject a relative path into a plugin archive and copy a file...