quoted sections in tag not grouped correctly #366
Comments
Mike Bayer has proposed a fix for this issue in the main branch: fix tag regexp to match quoted groups correctly https://gerrit.sqlalchemy.org/c/sqlalchemy/mako/+/4053
jbmchuck added a commit to tableau/altimeter that referenced this issue (Sep 16, 2022)
jbmchuck added a commit to tableau/altimeter that referenced this issue (Sep 16, 2022)
sbrunner added a commit to camptocamp/shared_config_manager that referenced this issue (Sep 28, 2022)
+==============================================================================+
VULNERABILITIES FOUND
+==============================================================================+
-> Vulnerability found in lxml version 4.8.0
Vulnerability ID: 50748
Affected spec: <4.9.1
ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer
Dereference allows attackers to cause a denial of service (or application...
CVE-2022-2309
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-2309/50748/
-> Vulnerability found in mako version 1.1.6
Vulnerability ID: 50870
Affected spec: <1.2.2
ADVISORY: Mako 1.2.2 includes a fix for a REDoS
vulnerability.sqlalchemy/mako#366
PVE-2022-50870
For more information, please visit
https://pyup.io/vulnerabilities/PVE-2022-50870/50870/
-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49755
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions
prior to 5.4.0 an error occurring while reallocating a buffer for string...
CVE-2022-31117
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31117/49755/
-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49754
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect
handling of invalid surrogate pair...
CVE-2022-31116
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31116/49754/
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
Ignore CVE
Title: [1084602] Arbitrary Code Execution in underscore
Severity: critical
CWE: CWE-94
Vulnerable versions: >=1.3.2 <1.12.1
Patched versions: >=1.12.1
Recommendation: Upgrade to version 1.12.1 or later
Version: 1.6.0
Path: openlayers > nomnom > underscore
More info: GHSA-cf4h-3jhx-xvhq
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/tilecloud-chain that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/mapfish-print-logs that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/mapfish-print-logs that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/mapfish-print-logs that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Sep 30, 2022)
sbrunner added a commit to camptocamp/ngeo that referenced this issue (Oct 3, 2022)
sbrunner added a commit to camptocamp/ngeo that referenced this issue (Oct 3, 2022)
Title: [1084344] jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Severity: moderate
CWE: CWE-79
Vulnerable versions: <1.13.2
Patched versions: >=1.13.2
Recommendation: Upgrade to version 1.13.2 or later
Version: 1.13.0
Path: jquery-ui
More info: GHSA-h6gj-6jjq-h8g9
-> Vulnerability found in mako version 1.1.2
Vulnerability ID: 50870
Affected spec: <1.2.2
ADVISORY: Mako 1.2.2 includes a fix for a REDoS
vulnerability.sqlalchemy/mako#366
PVE-2022-50870
For more information, please visit
https://pyup.io/vulnerabilities/PVE-2022-50870/50870/
sbrunner added a commit to camptocamp/ngeo that referenced this issue (Oct 3, 2022)
sbrunner added a commit to camptocamp/ngeo that referenced this issue (Oct 3, 2022)
sbrunner added a commit to camptocamp/c2cwsgiutils that referenced this issue (Oct 3, 2022)
sbrunner added a commit to camptocamp/c2cwsgiutils that referenced this issue (Oct 3, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Oct 4, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Oct 6, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Oct 6, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Oct 7, 2022)
sbrunner added a commit to camptocamp/c2cgeoportal that referenced this issue (Oct 7, 2022)
sbrunner added a commit to camptocamp/c2cwsgiutils that referenced this issue (Oct 19, 2022)
-> Vulnerability found in urllib3 version 1.24.3
Vulnerability ID: 38834
Affected spec: <1.25.9
ADVISORY: Urllib3 before 1.25.9 allows CRLF injection if the attacker
controls the HTTP request method, as demonstrated by inserting CR and LF...
CVE-2020-26137
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2020-26137/38834/
-> Vulnerability found in urllib3 version 1.24.3
Vulnerability ID: 43975
Affected spec: <1.26.5
ADVISORY: Urllib3 1.26.5 includes a fix for CVE-2021-33503: An issue
was discovered in urllib3 before 1.26.5. When provided with a URL...
CVE-2021-33503
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2021-33503/43975/
sbrunner added a commit to camptocamp/c2cwsgiutils that referenced this issue (Oct 19, 2022)
rpurdie pushed a commit to yoctoproject/poky that referenced this issue (Nov 1, 2022)
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] sqlalchemy/mako#366
[3] sqlalchemy/mako#367
(From OE-Core rev: c927983ba7af9895e550018476759dd12fa90452)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit to openembedded/openembedded-core that referenced this issue (Nov 1, 2022)
rpurdie pushed a commit to yoctoproject/poky that referenced this issue (Nov 1, 2022)
halstead pushed a commit to openembedded/openembedded-core that referenced this issue (Nov 1, 2022)
rpurdie pushed a commit to yoctoproject/poky that referenced this issue (Nov 2, 2022)
halstead pushed a commit to openembedded/openembedded-core that referenced this issue (Nov 2, 2022)
kraj pushed a commit to YoeDistro/poky that referenced this issue (Nov 2, 2022)
halstead pushed a commit to openembedded/openembedded-core that referenced this issue (Nov 24, 2022)
this will crash the Lexer due to the regex: