Commit 36e9362

Update CVEs in README
1 parent 6f4f2e7 commit 36e9362

1 file changed

+12
-5
lines changed

README.md

Lines changed: 12 additions & 5 deletions
@@ -150,11 +150,18 @@ regexploit-yaml *.yaml
150150

151151
# Bugs reported
152152

153-
* [bpo-38804: cpython's http.cookiejar](https://github.com/python/cpython/pull/17157)
154-
* [CVE-2020-8492: cpython's urllib.request](https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
155-
* [CVE-2020-5243: ua-parser uap-core](https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p)
156-
* [CVE-2021-21236: CairoSVG](https://github.com/advisories/GHSA-hq37-853p-g5cf)
157-
* [python-markdown2](https://github.com/trentm/python-markdown2/pull/387)
153+
* [bpo-38804: cpython's http.cookiejar](https://github.com/python/cpython/pull/17157) (Set-Cookie header parsing)
154+
* [CVE-2020-5243: uap-core](https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p) affecting uap-python, [uap-ruby](https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw), etc. (User-Agent header parsing)
155+
* [CVE-2020-8492: cpython's urllib.request](https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4) (WWW-Authenticate header parsing)
156+
* [CVE-2021-21236: CairoSVG](https://github.com/advisories/GHSA-hq37-853p-g5cf) (SVG parsing)
157+
* [CVE-2021-21240: httplib2](https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m) (WWW-Authenticate header parsing)
158+
* [CVE-2021-25292: python-pillow](https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c) (PDF parsing)
159+
* [CVE-2021-26813: python-markdown2](https://github.com/trentm/python-markdown2/pull/387) (Markdown parsing)
160+
* [CVE-2021-27290: npm/ssri](https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2) (SRI parsing)
161+
* [CVE-2021-27291: pygments](https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14) lexers for ADL, CADL, Ceylon, Evoque, Factor, Logos, Matlab, Octave, ODIN, Scilab & Varnish VCL (Syntax highlighting)
162+
* [CVE-2021-27292: ua-parser-js](https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566) (User-Agent header parsing)
163+
* [CVE-2021-27293: RestSharp](https://github.com/restsharp/RestSharp/issues/1556) (JSON deserialisation in a .NET C# package)
164+
* Plus unpublished bugs in pypi packages, npm packages and a nuget (C#) package
158165

159166
## Credits
160167
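Review bot: The link targets in the new list (new lines 153-163) are inconsistent, so a reader cannot tell from an entry whether the bug is fixed or where the authoritative description lives. Some entries point to a security advisory (uap-core, CairoSVG, httplib2), some to a fix commit (urllib.request, Pillow, ssri, pygments, ua-parser-js), python-markdown2 to a pull request and RestSharp to an open-ended issue link. Consider linking each CVE id to its advisory and adding the fix commit or fixed version as a second link where one exists. In the CVE-2020-5243 entry, "affecting uap-python, uap-ruby, etc." links only uap-ruby; either link uap-python as well or replace "etc." with the concrete list of affected ports. The last added bullet ("Plus unpublished bugs in pypi packages, npm packages and a nuget (C#) package") cannot be checked by a reader and may be better as a sentence below the list than as a list item under "Bugs reported".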
