IPython (Interactive Python) is a command shell. Cross-site request forgery in the REST API is possible in in IPython 2 and 3. Versions 2.4.1 and 3.2.3 contain patches.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-5607
https://github.com/ipyth…
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into foll…
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-15612
https://github.com/lepture…
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code e…
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting att…
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify webs…
Code Injection in GitHub repository publify/publify prior to 9.2.8.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-0578
https://github.com/publify/publify/commit/b50df050c593cc532b2c516792989bcfce2d73f7
https://huntr.dev/bounties/02c81928-eb47-4…
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can’t view but can leave comments on an article in draft mode.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-0574
https://github.com/publify/publify/co…
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the int…
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with _jinja2 in /tmp.
References
…
