99 matches found
Unshiftio Url-parse Access Control Error Vulnerability
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. An Access Control Error vulnerability exists in Unshiftio Url-parse that stems from the product's lack of an effective protection mechanism for user-controlled keys. The vulnerability can be exploited t...
DEBIAN-CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
Injection Vulnerability
Python is vulnerable to injection vulnerability. The vulnerability exists due to a lack of sanitization on the URL string parsed into the urlparse method allowing an attacker to inject maliciously crafted URL...
SUSE: Security Advisory (SUSE-SU-2014:0998-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-GG84-QGV9-W4PQ CRLF injection in httplib2
Impact Attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. Impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1277)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)
This update for python3 fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document bsc1109847. CVE-2018-1000802: Fixed a comma...
OPENSUSE-SU-2019:1906-1 Security update for python
This update for python fixes the following issues: Security issue fixed: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. This update was imported from the SUSE:SLE-15:Update update project...
SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:2053-1)
This update for python3 fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document bsc1109847. CVE-2018-1000802: Fixed a comma...
PT-2019-2858 · Python +6 · Python +6
Name of the Vulnerable Software and Affected Versions: Python affected versions not specified Description: The issue is related to errors in handling registration data in the urllib.parse.urlsplit and urllib.parse.urlparse functions of the Python programming language interpreter. Exploitation of...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...
Updated python packages fix security vulnerability
A vulnerability was found in Python 2.x through 2.7.16. An improper handling of Unicode encoding (with an incorrect netloc) during NFKC normalization could lead to an information disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit,...
Django two url jump vulnerability analysis: CVE-2017-7233&7234-vulnerability warning-the black bar safety net
Django official News&Event in the 4 on 4, released a security update that fixes two URL jump loopholes, one is the urlparse pot, the other by long Dinh tech security researcher phithon report, are very beautiful. Because there are replicate Django vulnerability of habit, the evening pumping up...
Django is_safe_url() the URL to jump to the filter function of the Bypass(CVE-2017-7233)
Source: same thread safety Emergency Response Center Author: Nearg1e@YSRC Foreign security researcher roks0n reported a vulnerability to the Django project. About the is_safe_url function: Django comes with a function django.utils.http.is_safe_url(url, host=None, allowed_hosts=None, require_https=False...
Fedora 25 : curl (2016-89769648a0)
fix cookie injection for other servers CVE-2016-8615 - compare user/passwd case-sensitively while reusing connections CVE-2016-8616 - base64: check for integer overflow on large input CVE-2016-8617 - fix double-free in krb5 code CVE-2016-8619 - fix double-free in curlmaprintf CVE-2016-8618 - fix...
SuSE 11.3 Security Update : Python (SAT Patch Number 9581)
This update for Python provides fixes for the following issues : - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. CVE-2014-4650 - The 'urlparse' module has been updated to correctly parse IPv6 addresses. bnc872848 - Correctly enable IPv6 support. %NASLMINLEV...
python security, bug fix, and enhancement update
2.6.6-51 - Fixed memory leak in ssl.getpeeraltnames Resolves: rhbz1002983 2.6.6-50 - Added fix for CVE-2013-4238 Resolves: rhbz998784 2.6.6-49 - Fix shebangs in several files in python-tools subpackage Resolves: rhbz521898 2.6.6-48 - Fix sqlite3.Cursor.lastrowid under a Turkish locale. Resolves:...
Mandriva Security Advisory MDVSA-2009:341 (dstat)
The remote host is missing an update to dstat announced via advisory MDVSA-2009:341. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
phpBB 2.0.15 - highlight PHP Remote Code Execution
phpBB 2.0.15 - highlight PHP Remote Code Execution tested and working /str0ke !/usr/bin/pyth0n this exploit for phpBB 2.0.15 print "\nphpBB 2.0.15 arbitrary command execution eXploit" emulates a shell, print " 2005 by [email protected]" rather than print " well, just because there is none."...