Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
added yesterday4 views

WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

SummaryA Server-Side Request Forgery SSRF Protection Bypass exists in WeasyPrint's defaulturlfetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom urlfetcher to block...

7.5CVSS6AI score0.00501EPSS
Exploits2References9Affected Software1
PyPA
PyPA
added yesterday4 views

pyasn1 has a DoS vulnerability in decoder

SummaryAfter reviewing pyasn1 v0.6.1 a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. DetailsThe integer issue can be found in the decoder as reloid += subId 7 + nextSubId,:...

7.5CVSS5.7AI score0.00679EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added yesterday4 views

Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

8.3CVSS6.3AI score0.04439EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

pytest has vulnerable tmpdir handling

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges...

6.8CVSS5.9AI score0.0014EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

Swing Music has a Directory Traversal & Filesystem can be accessed by a non-admin user

SummarySwing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server filesystem. DetailsThe @api.post"/dir-browser" endpoint lacks proper path validatio...

5.3CVSS6.1AI score0.00511EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

hermes's raw options logging may disclose secrets passed in via subcommand options argument

Thanks, @thunze for reporting this!hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form since https://github.com/softwarepub/hermes/commit/7f64f102e916c76dc44404b77ab2a80f5a4e59b1 in:...

5.9CVSS5.9AI score0.00154EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

SummaryGuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. Vulnerabili...

7.5CVSS6AI score0.00431EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

SummaryA path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog.CWE: CWE-22 Improper...

9.8CVSS6.2AI score0.00946EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00776EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command

ImpactMulti-translation download could write to an arbitrary location when instructed by a crafted server. Patches https://github.com/WeblateOrg/wlc/pull/1128 WorkaroundsDo not use wlc download with untrusted servers. ReferencesThis issue was reported to us by wh1zee via HackerOne...

8CVSS6.1AI score0.00337EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

Weblate wlc has insecure API key configuration

ImpactHistorically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be used against different server. Patches https://github.com/WeblateOrg/wlc/pull/1098 WorkaroundsRemove unscoped k...

5.5CVSS6AI score0.00164EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

BlackSheep's ClientSession is vulnerable to CRLF injection

ImpactThe HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request.Exploitation requires developers to pass unsanitized user input...

6.3CVSS6AI score0.00307EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Weblate leaks information via screenshots

ImpactThe screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 ReferencesThanks to Lukas May and Michael Leu f...

7.5CVSS5.9AI score0.00323EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field

PrologueThese vulnerabilities have been found and chained by DCODX-AI. Validation of the exploit chain has been confirmed manually. SummaryA persistent stored cross-site scripting XSS vulnerability exists in the customhotkeys functionality of the application. An authenticated attacker or one who...

8.6CVSS5.9AI score0.00207EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

jaraco.context Has a Path Traversal Vulnerability

SummaryThere is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed.The...

8.6CVSS6AI score0.00527EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added yesterday4 views

filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock

Vulnerability SummaryTitle: Time-of-Check-Time-of-Use TOCTOU Symlink Vulnerability in SoftFileLockAffected Component: filelock package - SoftFileLock classFile: src/filelock/soft.py lines 17-27CWE: CWE-362, CWE-367, CWE-59--- DescriptionA TOCTOU race condition vulnerability exists in the...

5.3CVSS6AI score0.00115EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Authlib has 1-click Account Takeover vulnerability

Security Advisory: Cache-Backed State Storage CSRF in AuthlibThe Security Labs team at Snyk has reported a security issue affecting Authlib, identified during a recent research project.The Snyk Security Labs team has identified a vulnerability that can result in a one-click account takeover in...

8.8CVSS6AI score0.00237EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday4 views

NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

SummaryXSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into...

6.1CVSS6.2AI score0.00243EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

Fickling has a bypass via runpy.run_path() and runpy.run_module()

Fickling's assessmentrunpy was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66. Original report SummaryFickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious...

9.3CVSS6.6AI score0.00425EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added yesterday4 views

Fickling vulnerable to detection bypass due to "builtins" blindness

Fickling's assessmentFickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report SummaryFickling works byPickle bytecode -- AST -- Security analysisHowever...

9.3CVSS6.2AI score0.00264EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling's assessmentctypes, importlib, runpy, code and multiprocessing were added the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...

9.3CVSS6.4AI score0.00554EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added yesterday4 views

AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS5.2AI score0.00165EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added yesterday4 views

Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection

Fickling's assessmentpydoc and ctypes were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1. Original report SummaryBoth ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools like...

9.3CVSS6AI score0.00346EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added yesterday4 views

pypdf has possible long runtimes for malformed startxref

ImpactAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected...

6.9CVSS5.6AI score0.00391EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

pypdf has possible long runtimes for missing /Root object with large /Size values

ImpactAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. PatchesThis ha...

6.9CVSS5.8AI score0.00391EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

LIEF is vulnerable to segmentation fault

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parsebinary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local...

5.5CVSS5.3AI score0.00242EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added yesterday4 views

NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

SummaryAn unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. Details1. On click, eventually subpagesnavigate event is...

6.1CVSS6AI score0.00238EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

Werkzeug safe_join() allows Windows special device names with compound extensions

Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extensio...

6.3CVSS6AI score0.00424EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Fickling Blocklist Bypass: cProfile.run()

Fickling's assessmentcProfile was added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43. Original report Description SummaryFickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of...

9.3CVSS6.5AI score0.0044EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added yesterday4 views

NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS

SummaryAn unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. DetailsThe problem is traced as follows:1. On pushstate, handleStateEvent is...

7.2CVSS5.9AI score0.00233EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

NiceGUI has Redis connection leak via tab storage causes service degradation

SummaryAn unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit.NiceGUI continues accepting ne...

5.3CVSS6AI score0.0051EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday4 views

Parsl Monitoring Visualization Vulnerable to SQL Injection

Affected Product: Parsl Python Parallel Scripting LibraryComponent: parsl.monitoring.visualizationVulnerability Type: SQL Injection CWE-89Severity: High CVSS Rating Recommended: 7.5 - 8.6URL: https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.pySummaryA SQL Injection...

7.3CVSS6.2AI score0.00235EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

records-mover Injection vulnerability

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

5.3CVSS5.6AI score0.00174EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP Vulnerable to Cookie Parser Warning Storm

SummaryReading multiple invalid cookies can lead to a logging storm. ImpactIf the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.----Patch:...

6.9CVSS5.9AI score0.00332EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

picklescan has Arbitrary file read using `io.FileIO`

SummaryUnsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data example: /etc/passwd to an external server. DetailsTh...

8.7CVSS6AI score0.00509EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added yesterday4 views

loggingredactor converts non-string types to string types in logs

ImpactNon-string types are converted into string types, leading to type errors in %d conversions. PatchesThe problem has been patched in version 0.0.6. WorkaroundsNone without patching. ResourcesIssue report: https://github.com/armurox/loggingredactor/issues/7Release:...

5.3CVSS5.9AI score0.00228EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday4 views

MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download

SummaryA Path Traversal Zip Slip vulnerability exists in MONAI's downloadfromngcprivate function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safeextractmember function.This appears to ...

5.3CVSS6AI score0.00311EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP vulnerable to DoS through chunked messages

SummaryHandling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. ImpactIf an application makes use of the request.read method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU ti...

8.7CVSS5.9AI score0.00338EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP vulnerable to denial of service through large payloads

SummaryA request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing. ImpactIf an application includes a handler that uses the Request.post method, an attacker may be able to freeze the server by exhausting the memory.-----Patch:...

8.7CVSS5.8AI score0.00347EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

Impacturllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once.urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip,...

8.9CVSS6AI score0.02667EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

Bokeh server applications have Incomplete Origin Validation in WebSockets

This vulnerability allows for Cross-Site WebSocket Hijacking CSWSH of a deployed Bokeh server instance. ScopeThis vulnerability is only relevant to deployed Bokeh server instances. There is no impact on static HTML output, standalone embedded plots, or Jupyter notebook usage. This vulnerability...

7.4CVSS5.9AI score0.00159EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP vulnerable to DoS when bypassing asserts

SummaryWhen assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. ImpactIf optimisations are enabled -O or PYTHONOPTIMIZE=1, and the application includes a handler that uses the Request.post method, then an attacker may be able to execu...

8.7CVSS6AI score0.00337EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP's unicode processing of header values could cause parsing discrepancies

SummaryThe Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. ImpactIf a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...

6.9CVSS6AI score0.00213EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP has unicode match groups in regexes for ASCII protocol elements

SummaryThe parser allows non-ASCII decimals to be present in the Range header. ImpactThere is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability.----Patch:...

6.9CVSS5.9AI score0.00236EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP vulnerable to brute-force leak of internal static file path components

SummaryPath normalization for static files prevents path traversal, but opens up the ability for an attacker to ascertain theexistence of absolute path components. ImpactIf an application uses web.static not recommended for production deployments, it may be possible for an attacker to ascertain t...

6.9CVSS5.8AI score0.00313EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

SummaryPicklescan uses the numpy.f2py.crackfortran.evallength function a NumPy F2PY helper to execute arbitrary Python code during unpickling. DetailsPicklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran.evallength in reduce, allowing arbitrary command executi...

8.1CVSS6.6AI score0.00301EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added yesterday4 views

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

SummaryAn insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file.CW...

8.8CVSS6.5AI score0.00487EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Feast vulnerable to Deserialization of Untrusted Data

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS6.8AI score0.00264EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added yesterday4 views

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

SummaryA zip bomb can be used to execute a DoS against the aiohttp server. ImpactAn attacker may be able to send a compressed request that when decompressed by aiohttp could exhaust the host's memory.------Patch: https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a...

7.5CVSS6AI score0.00487EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added yesterday4 views

Picklescan has Incomplete List of Disallowed Inputs

SummaryCurrently picklescanner only blocks some specific functions of the pydoc and operator modules. Attackers can use other functions within these allowed modules to go through undetected and achieve RCE on the final user. Particularly pydoc.locate: Can dynamically resolve and import arbitrary...

9.8CVSS6.1AI score0.00623EPSS
Exploits0References9Affected Software1
Total number of security vulnerabilities5000