| Flask |
CVE-2023-30861 |
高危 |
1.1.2 |
2.3.2, 2.2.5 |
flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-30861
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2023-05-02 18:15 修改: 2023-08-20 21:15
|
| Pygments |
CVE-2021-20270 |
高危 |
2.6.1 |
2.7.4 |
python-pygments: Infinite loop in SML lexer may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20270
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2021-03-23 17:15 修改: 2021-12-10 17:04
|
| Pygments |
CVE-2021-27291 |
高危 |
2.6.1 |
2.7.4 |
python-pygments: ReDoS in multiple lexers
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27291
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2021-03-17 13:15 修改: 2023-11-07 03:31
|
| Werkzeug |
CVE-2023-25577 |
高危 |
1.0.1 |
2.2.3 |
python-werkzeug: high resource usage when parsing multipart form data with many fields
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-25577
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2023-02-14 20:15 修改: 2023-08-18 14:15
|
| Werkzeug |
CVE-2024-34069 |
高危 |
1.0.1 |
3.0.3 |
python-werkzeug: user may execute code on a developer's machine
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34069
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2024-05-06 15:15 修改: 2024-06-14 13:15
|
| pip |
CVE-2019-20916 |
高危 |
19.0.1 |
19.2 |
python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20916
镜像层: sha256:5fa31f02caa84921b7b728c6b2d3b709f5f2af697cd9fc543bc1c272db5ddbcc
发布日期: 2020-09-04 20:15 修改: 2024-02-08 02:04
|
| pip |
CVE-2021-3572 |
高危 |
19.0.1 |
21.1 |
python-pip: Incorrect handling of unicode separators in git references
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3572
镜像层: sha256:5fa31f02caa84921b7b728c6b2d3b709f5f2af697cd9fc543bc1c272db5ddbcc
发布日期: 2021-11-10 18:15 修改: 2024-06-21 19:15
|
| setuptools |
CVE-2022-40897 |
高危 |
40.7.1 |
65.5.1 |
pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897
镜像层: sha256:5fa31f02caa84921b7b728c6b2d3b709f5f2af697cd9fc543bc1c272db5ddbcc
发布日期: 2022-12-23 00:15 修改: 2024-06-21 19:15
|
| setuptools |
CVE-2024-6345 |
高危 |
40.7.1 |
70.0.0 |
pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345
镜像层: sha256:5fa31f02caa84921b7b728c6b2d3b709f5f2af697cd9fc543bc1c272db5ddbcc
发布日期: 2024-07-15 01:15 修改: 2024-07-15 13:00
|
| sqlite-web |
CVE-2021-23404 |
高危 |
0.3.7 |
|
Cross-Site Request Forgery in sqlite-web
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23404
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2021-09-08 11:15 修改: 2021-09-14 13:43
|
| wheel |
CVE-2022-40898 |
高危 |
0.32.3 |
0.38.1 |
python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40898
镜像层: sha256:5fa31f02caa84921b7b728c6b2d3b709f5f2af697cd9fc543bc1c272db5ddbcc
发布日期: 2022-12-23 00:15 修改: 2022-12-30 22:15
|
| Werkzeug |
CVE-2024-49767 |
中危 |
1.0.1 |
3.0.6 |
werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49767
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2024-10-25 20:15 修改: 2024-10-25 20:15
|
| Jinja2 |
CVE-2024-22195 |
中危 |
2.11.2 |
3.1.3 |
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22195
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2024-01-11 03:15 修改: 2024-01-27 03:15
|
| Pygments |
CVE-2022-40896 |
中危 |
2.6.1 |
2.15.0 |
pygments: ReDoS in pygments
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40896
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2023-07-19 15:15 修改: 2024-03-28 03:15
|
| pip |
CVE-2023-5752 |
中危 |
19.0.1 |
23.3 |
pip: Mercurial configuration injectable in repo revision when installing via pip
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5752
镜像层: sha256:5fa31f02caa84921b7b728c6b2d3b709f5f2af697cd9fc543bc1c272db5ddbcc
发布日期: 2023-10-25 18:17 修改: 2024-06-10 18:15
|
| Jinja2 |
CVE-2024-34064 |
中危 |
2.11.2 |
3.1.4 |
jinja2: accepts keys containing non-attribute characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34064
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2024-05-06 15:15 修改: 2024-06-10 18:15
|
| Jinja2 |
CVE-2020-28493 |
中危 |
2.11.2 |
2.11.3 |
python-jinja2: ReDoS vulnerability in the urlize filter
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28493
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2021-02-01 20:15 修改: 2023-11-07 03:21
|
| Werkzeug |
CVE-2023-46136 |
中危 |
1.0.1 |
3.0.1, 2.3.8 |
python-werkzeug: high resource consumption leading to denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46136
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2023-10-25 18:17 修改: 2024-01-10 18:58
|
| Werkzeug |
CVE-2024-49766 |
中危 |
1.0.1 |
3.0.6 |
werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-49766
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2024-10-25 20:15 修改: 2024-10-25 20:15
|
| Werkzeug |
CVE-2023-23934 |
低危 |
1.0.1 |
2.2.3 |
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-23934
镜像层: sha256:99ce9c49314a8ba567f8e5a0d2a7c389937edc1af36a7c286ac1d4d683589b74
发布日期: 2023-02-14 20:15 修改: 2023-08-18 14:15
|