4 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /lifecycle webhook endpoint. An attacker can exhaust system memory and disrupt service availability by sending an oversized JSON payload. Remediation Upgrade...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pathLogin function in the userpass/pathlogin.go file. An attacker can determine whether a username exists by measuring the response time difference between authentication attempts for existing and non-existi...
PT-2023-2566
Name of the Vulnerable Software and Affected Versions Flask versions prior to 2.3.2 Flask versions prior to 2.2.5 Description The issue arises when a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches...