Month: March 2020

Python Auditing Vulnerability
Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety.
Tools that are designed to find vulnerable packages can not ever run in the same python environment that they…

スマホでピッてやって電車に乗れて、買い物もできるおサイフケータイ。携帯電話キャリアは5G（第5世代移…

As more and more families find themselves at home, we know people are learning how to adjust to this situation. Beyond helping people find authoritative sources of news and information, we also want to be a helpful learning resource to families across …

python-docutils allows insecure usage of temporary files
References

https://nvd.nist.gov/vuln/detail/CVE-2009-5042
https://security-tracker.debian.org/tracker/CVE-2009-5042
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755
https://github.com/ad…

python-requests-Kerberos through 0.5 does not handle mutual authentication
References

https://nvd.nist.gov/vuln/detail/CVE-2014-8650
https://github.com/requests/requests-kerberos/issues/35
https://github.com/requests/requests-kerberos/pull/36
https://…

Every time International Women’s Day rolls around, it’s an opportunity to reflect on all the women who push YouTube to be even better. They make this community the best that it can be. Here are nine women, from around the globe, who inspire us with the…

FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
References

https://nvd.n…

FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-20330
https://github.com/FasterXML/jackson…