helloworld's Issues
A new vulnerability was discovered: CVE-2017-18342
Read more at Debricked: http://127.0.0.1:8888/en/service/vulnerability/6575
A new vulnerability was discovered: CVE-2021-21419
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/218397
A new vulnerability was discovered: CVE-2020-13091
pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if `__reduce__` makes an os.system call.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/158046
A new vulnerability was discovered: CVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/218750
A new vulnerability was discovered: CVE-2018-20225
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/157715
A new vulnerability was discovered: CVE-2019-20916
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/179578
A new vulnerability was discovered: CVE-2019-20477
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/146151
A new vulnerability was discovered: CVE-2020-14343
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/209991
A new vulnerability was discovered: CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/154181
A new vulnerability was discovered: CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/15558