TOWA TEI, who began his solo career in 1994 and marks his 25th anniversary this year, his first album under his own solo name…
Mitsubishi gives the compact SUV "RVR" a minor model change | Front and rear design renewed
Adopts the "Dynamic Shield" design concept. Mitsubishi has given its compact SUV "RVR" a new front and rear de…
[ladon] Improper Restriction of XML External Entity Reference in ladon
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For ins…
[lodash-es] Regular Expression Denial of Service (ReDoS) in lodash
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a …
[django-rest-registration] High severity vulnerability that affects django-rest-registration
Misusing the Django Signer API leads to predictable signatures used in verification emails
Impact
The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2.* – 0.4.* with e-mail verification option (which is r…
[SQLAlchemy] Moderate severity vulnerability that affects SQLAlchemy
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-7164
https://github.com/sqlalchemy/sqlalchemy/issues/4481
https://access.redhat.com/errata/RHSA-2…
[definitions] Code injection in definitions
There is a vulnerability in the load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands, resulting in command execution.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-2032…
[ymlref] Code injection in ymlref
ymlref allows code injection.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-20133
https://github.com/dexter2206/ymlref/issues/2
https://github.com/advisories/GHSA-8r8j-xvfj-36f9
[flask-admin] Cross site scripting in flask-admin
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-16516
https://github.com/flask-admin/flask-admin/pull/1699
https://github.com/advisories/GHSA-894g-6j7q-2hx6
https://lists.fedora…
[urllib3] High severity vulnerability that affects urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unint…