USN-7335-1: Django vulnerability
It was discovered that Django incorrectly handled text wrapping. An attacker could possibly use this issue to cause a denial of service...
Intumit SmartRobot Security Vulnerability
Intumit SmartRobot is a web development framework from Intumit, Inc. A security vulnerability exists in Intumit SmartRobot, which stems from the use of a fixed cryptographic key for authentication, and can be exploited by an attacker to gain administrator privileges and execute arbitrary code on ...
USN-6414-2: Django vulnerabilities
USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...
[SECURITY] Fedora 38 Update: python-pyramid-2.0.2-1.fc38
Pyramid is a small, fast, down-to-earth, open source Python web development framework. It makes real-world web application development and deployment more fun, more predictable, and more productive...
CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...
Missing validation of JWT signature in `ManyDesigns/Portofino`
Impact: Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. Patches: The issue will be patched in the upcoming 5.2.1 release. For more information: If you have any questions o...
CVE-2021-29451 Missing validation of JWT signature in `ManyDesigns/Portofino`
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...
Debian DLA-2622-1 : python-django security update
It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 'Stretch'...
Debian: Security Advisory (DLA-2622-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
[SECURITY] [DLA 2622-1] python-django security update
Debian LTS Advisory DLA-2622-1, https://www.debian.org/lts/security/, Chris Lamb, April 09, 2021, https://wiki.debian.org/LTS ...
Debian DLA-2569-1 : python-django security update
It was discovered that there was a web cache poisoning attack in Django, a popular Python-based web development framework. This was caused by the unsafe handling of ';' characters in Python's urllib.parse.parse_qsl method, which had been backported to Django's codebase to fix some other security...
Debian DLA-2540-1 : python-django security update
It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.7-2+deb9u10. We recommend that you upgrade your python-django packages. For the detailed security status of...
Debian: Security Advisory (DLA-1872-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
Debian: Security Advisory (DSA-4363-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
Debian DLA-1629-1 : python-django security update
It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see : https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ For Debian 8 'Jessie', this issue has been fixed in...
Debian DSA-4264-1 : python-django - security update
Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian: Security Advisory (DSA-4264-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
USN-3254-1: Django vulnerabilities
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...
[SECURITY] [DSA 3544-1] python-django security update
Debian Security Advisory DSA-3544-1, https://www.debian.org/security/, Salvatore Bonaccorso, April 07, 2016, https://www.debian.org/security/faq ...
Debian DLA-349-1 : python-django security update
It was discovered that there was a potential settings leak in the date template filter of Django, a web development framework. If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. last_updated|date:user_date_format, then a malicious...