Lucene search
+L

13 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.12 views

jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

9.3CVSS6.7AI score0.00298EPSS
Exploits2References2Affected Software3
Debian CVE
Debian CVE
added 2026/06/11 3:34 p.m.11 views

CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS5.3AI score0.00622EPSS
Exploits1
OSV
OSV
added 2026/06/11 3:34 p.m.5 views

CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS6AI score0.00622EPSS
Exploits1References33
Github Security Blog
Github Security Blog
added 2026/06/04 2:24 p.m.87 views

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

7.5CVSS6AI score0.00622EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0690

Malware in sbrugna...

8.8CVSS8.7AI score0.01994EPSS
Exploits1References16
Github Security Blog
Github Security Blog
added 2018/10/17 4:19 p.m.29 views

High severity vulnerability that affects io.vertx:vertx-web

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet...

8.8CVSS3.4AI score0.01994EPSS
Exploits1References10Affected Software1
RedhatCVE
RedhatCVE
added 2018/07/12 6:19 p.m.26 views

CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet...

8.8CVSS4.1AI score0.01994EPSS
Exploits1References2
NVD
NVD
added 2018/07/12 2:29 p.m.31 views

CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet...

8.8CVSS8.6AI score0.01994EPSS
Exploits1References6
Prion
Prion
added 2018/07/12 2:29 p.m.22 views

Design/Logic Flaw

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet...

6.8CVSS8.6AI score0.01994EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2018/07/12 2:29 p.m.17 views

CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet...

8.8CVSS6.7AI score
Exploits0References6
Cvelist
Cvelist
added 2018/07/12 2:0 p.m.35 views

CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet...

8.7AI score0.01994EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2015/11/17 12:0 a.m.14 views

openSUSE Security Update : python-tornado (openSUSE-2015-741)

python-tornado was updates to fix one security issue. The following vulnerability was fixed : - CVE-2014-9720: XSRF cookie allowed side-channel attack against TLS BREACH %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.5CVSS6.2AI score0.02489EPSS
Exploits0References3
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.24 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0Affected Software1
Rows per page
Query Builder