A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an a...
7.5 CVSS
7.4 AI Score
0.003 EPSS
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
9.8 CVSS
9.6 AI Score
0.011 EPSS
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
9.8 CVSS
9.5 AI Score
0.05 EPSS
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
6.5 CVSS
7.9 AI Score
0.009 EPSS
7.5 CVSS
8.8 AI Score
0.013 EPSS
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
9.8 CVSS
9.8 AI Score
0.025 EPSS