A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed…
[Pillow] Out-of-bounds Read
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-35653
https://lists.fedoraproject…
[org.apache.flink:flink-runtime_2.11] Path Traversal in Apache Flink
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files acces…
[next] Remote Code Execution in next
Versions of next prior to 5.1.0 are vulnerable to Remote Code Execution. The /path: route fails to properly sanitize input and passes it to a require() call. This allows attackers to execute JavaScript code on the server. Note that prior version 0.9.9 …
[openapi-python-client] Arbitrary Code Generation
Impact
Clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.
Giving this a CVSS of 8.0 (high) with CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C…
[com.fasterxml.jackson.core:jackson-databind] Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
References
https://nvd.n…
[waitress] HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)
Impact
The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and would still allow an attacker to smuggle requests/split an HTTP request with invalid data.
This updates the existing CV…
[waitress] HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact
If a proxy server is used in front of waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by waitress, leading to a potential for HTTP request smuggling.
Content-Length: 10
Transfer-Encodi…
[io.netty:netty-all] HTTP Request Smuggling in Netty
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a “Transfer-Encoding : chunked” line), which leads to HTTP request smuggling.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-16869
https://github.com/netty…
[org.apache.pdfbox:pdfbox] Vulnerability that affects org.apache.pdfbox:pdfbox
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-0228
https://github.com/ad…