Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/09 12:31 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /lifecycle webhook endpoint. An attacker can exhaust system memory and disrupt service availability by sending an oversized JSON payload. Remediation Upgrade...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/09 2:41 a.m.7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...

9.4CVSS7.8AI score0.00371EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/09 2:41 a.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the pathLogin function in the userpass/pathlogin.go file. An attacker can determine whether a username exists by measuring the response time difference between authentication attempts for existing and non-existi...

6.3CVSS7AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/01 12:0 a.m.9 views

PT-2023-2566

Name of the Vulnerable Software and Affected Versions Flask versions prior to 2.3.2 Flask versions prior to 2.2.5 Description The issue arises when a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches...

8.7CVSS7.5AI score0.01261EPSS
Exploits1References56
Rows per page
Query Builder