CVSS: 5.3EPSS: 3%CPEs: 11EXPL: 0CVE-2018-7536 – django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc'
https://notcve.org/view.php?id=CVE-2018-7536
06 Mar 2018 — An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. Se ha descubierto un problema en Django, en versiones 2.0 anteriores a la 2.0.3; versiones... • http://www.securityfocus.com/bid/103361 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0CVE-2017-10906 – fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
https://notcve.org/view.php?id=CVE-2017-10906
08 Dec 2017 — Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. Una vulnerabilidad de inyección de secuencias de escape en Fluentd en las versiones 0.12.29 hasta la 0.12.40 podría permitir que un atacante cambie la interfaz de usuario del terminal o ejecute comandos arbitrarios en el dispositivo mediante vectores sin especificar. Fluentd is an open source data collector de... • https://access.redhat.com/errata/RHSA-2018:2225 • CWE-138: Improper Neutralization of Special Elements •