views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith(“/”) but this does not consider a protocol-relative URL (e.g., //example.com) attack.

Read More

views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.

Read More

FEDORA-2023-699bd1497e

Packages in this update:

rt-5.0.5-2.fc39

Update description:

Upstream security and bugfix update.

Read More

FEDORA-2023-64fe19f832

Packages in this update:

rt-5.0.5-1.fc38

Update description:

Upstream security and bugfix update.

Read More

FEDORA-2023-dda28e9e7c

Packages in this update:

rt-5.0.5-1.fc39

Update description:

Upstream security and bugfix update.

Read More

Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.

https://security-tracker.debian.org/tracker/DSA-5530-1

Read More

Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.

Read More