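Project manager Yuichi Tsuda and colleagues embrace in celebration after confirming data showing that Hayabusa2 had landed on Ryugu (February 2019, courtesy of JAXA). Yuichi Tsuda, project manager at the Japan Aerospace Exploration Agency (JAXA), who as overall head of the Hayabusa2 probe brought its six-year, 5-billion-kilometer journey to a successful conclusion. Landing twice on the asteroid, ……
Paramount sued for copyright infringement over "new Top Gun film"; is the pandemic release delay the focal point?
Paramount Pictures is being sued for copyright infringement over the film "Top Gun: Maverick". イス…
Scene stills and off-shots of Tang and a future aibo released from the adventure entertainment film "TANG", starring Kazunari Ninomiya
From "TANG", Kazunari Ninomiya's first starring film in two years, opening Thursday, August 11 (a national holiday), scene stills and off-sh…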
[semantic-release] Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Impact
What kind of vulnerability is it? Who is impacted?
Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from URI encoding by `encodeURI`. Occurrence is further limited…
Look: Lindsey Vonn’s Best ‘Body Paint’ Swimsuit Photos
By Andrew Holleran Over the years, several notable athletes and sports figures have posed for the iconic Sports Illustrated Swimsuit issue. Former United States Olympic skier Lindsey Vonn is among those who have been featured in the issue. Vonn, one of…
[cookiecutter] OS Command Injection in cookiecutter
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional fl…
[mechanize] Authorization header leak on port redirect in mechanize
Summary
Mechanize (rubygem) < v2.8.5 leaks the Authorization header after a redirect to a different port on the same site.
Mitigation
Upgrade to Mechanize v2.8.5 or later.
Notes
See https://curl.se/docs/CVE-2022-27776.html for a similar vulnerabilit…
[guzzlehttp/guzzle] Failure to strip the Cookie header on change in host or HTTP downgrade
Impact
Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a U…
[guzzlehttp/guzzle] Fix failure to strip Authorization header on HTTP downgrade
Impact
Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the…
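28-year-old lead actress of a popular Netflix drama set to be cast as the lead in the Madonna biopic, winning out in the "competition" for the big role
Actress Julia Garner (28) looks likely to be chosen for the lead role in the new Madonna biopic. Netflix's…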