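This post explains the basics of electric circuits. Picturing an electric circuit: the components of an electric circuit can be described in words as follows. Some items share the same quantity symbol and unit, so they may be hard to picture from words alone. So, with a diagram […]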
[ecdsa] Improper Verification of Cryptographic Signature in Pure-Python ECDSA
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper veri…
[Twisted] Improper Input Validation in Twisted
In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a p…
[Twisted] HTTP Request Smuggling in Twisted
In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipeline…
[safety] Malicious package may avoid detection in python auditing
Python Auditing Vulnerability
Demonstrates how a malicious package can insert a load-time poison pill to avoid detection by tools like Safety.
Tools that are designed to find vulnerable packages cannot ever run in the same Python environment that they…
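The "pre-device-change server backup" that Mobile Suica users surprisingly don't know about: what to do on your old device, in 2 minutes
Osaifu-Keitai lets you tap your smartphone to ride trains and also pay for shopping. As for mobile phone carriers, 5G (fifth-generation mo…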
COVID-19: Resources to help people learn on YouTube
As more and more families find themselves at home, we know people are learning how to adjust to this situation. Beyond helping people find authoritative sources of news and information, we also want to be a helpful learning resource to families across …
[docutils] python-docutils allows insecure usage of temporary files
python-docutils allows insecure usage of temporary files
References
https://nvd.nist.gov/vuln/detail/CVE-2009-5042
https://security-tracker.debian.org/tracker/CVE-2009-5042
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560755
https://github.com/ad…
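How to set up a SONY audio player: playlist management with iTunes
SONY audio players. They go by various names: Walkman, digital audio player, portable audio player, and so on. From here on, I'll refer to them all as Walkman. The NW-A, one of the Walkman models, […]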
[requests-kerberos] Improper Authentication in requests-kerberos
python-requests-Kerberos through 0.5 does not handle mutual authentication
References
https://nvd.nist.gov/vuln/detail/CVE-2014-8650
https://github.com/requests/requests-kerberos/issues/35
https://github.com/requests/requests-kerberos/pull/36
https://…