
CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter.

• http://www.openwall.com/lists/oss-security/2024/01/20/1
• https://devhub.checkmarx.com/cve-details/CVE-2023-50447
• https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
• https://github.com/python-pillow/Pillow/releases
• https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
• https://access.redhat.com/security/cve/CVE-2023-50447
• https://bugzilla.redhat.com/show_bug.cgi?id=2259479

• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`), the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original process's groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).

• https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b
• https://github.com/python/cpython/commit/85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06
• https://github.com/python/cpython/commit/9fe7655c6ce0b8e9adc229daf681b6d30e6b1610
• https://github.com/python/cpython/issues/112334
• https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD

• CWE-269: Improper Privilege Management

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

• https://devhub.checkmarx.com/cve-details/CVE-2023-44271
• https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
• https://github.com/python-pillow/Pillow/pull/7244
• https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
• https://access.redhat.com/security/cve/CVE-2023-44271
• https://bugzilla.redhat.com/show_bug.cgi?id=2247820

• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 4.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body on an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET`, as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections, and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1.

• https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
• https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX
• https://www.rfc-editor.org

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

• https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
• https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2
• https://github.com/urllib3/urllib3/issues/1510
• https://access.redhat.com/security/cve/CVE-2018-25091
• https://bugzilla.redhat.com/show_bug.cgi?id=2244340

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')