views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/"), but that check does not account for a protocol-relative URL (e.g., //example.com), which browsers resolve to an external host rather than a local path.
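The flawed check next to a hardened one, as an added illustration that is not code from django-grappelli or from the advisory. It uses only the standard library; the function names, the fallback target and the sample URLs are constructed for the example, and the rejection of the "/\" prefix goes beyond the advisory text (browsers normalise a backslash to a slash, so "/\example.com" behaves like "//example.com").

```python
from urllib.parse import urlsplit


def naive_is_local(url: str) -> bool:
    """The flawed check: any value beginning with "/" is treated as a local path.

    "//example.com/x" passes, yet a browser resolves it as a network-path
    reference to http(s)://example.com/x.
    """
    return url.startswith("/")


def is_local_redirect(url: str) -> bool:
    """Hardened check for a "next"-style redirect parameter.

    Rejects anything that carries a scheme or a host, and rejects the two
    prefixes browsers treat as a network-path reference ("//" and "/\\").
    """
    if not url:
        return False
    url = url.strip()  # surrounding whitespace would otherwise hide the prefix
    if url.startswith(("//", "/\\")):
        return False
    parts = urlsplit(url)
    # Any explicit scheme (http:, javascript:, ...) or netloc means "not ours".
    if parts.scheme or parts.netloc:
        return False
    return url.startswith("/")


def next_url(requested: str, fallback: str = "/") -> str:
    """Redirect target a view should use: the request value only if it is local."""
    return requested if is_local_redirect(requested) else fallback


if __name__ == "__main__":
    for sample in ("/admin/", "//example.com/phish", "/\\example.com", "https://example.com"):
        print(f"{sample!r:28} naive={naive_is_local(sample)!s:5} hardened={is_local_redirect(sample)}")
```

The point of the example is the second line of output: the naive check accepts `//example.com/phish`, the hardened one sends the user to the fallback instead.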
Daily Archives: October 22, 2023
CVE-2021-46897
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows path traversal upward out of the protected media directory, via a URL-encoded sequence such as protected/..%2f..%2f, when serving protected media.
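How a "..%2f" sequence escapes a media directory, and the containment check that stops it, as an added example rather than code from coderedcms or its fix. The root directory, function names and sample paths are constructed for the example; the functions take the part of the URL after the protected/ prefix.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed for this example: the directory protected media is served from.
PROTECTED_ROOT = "/srv/media/protected"


def naive_protected_path(requested: str) -> str:
    """Flawed: decode the request path and join it onto the root.

    "..%2f" decodes to "../", so the joined path walks out of PROTECTED_ROOT.
    """
    return posixpath.normpath(posixpath.join(PROTECTED_ROOT, unquote(requested)))


def safe_protected_path(requested: str) -> Optional[str]:
    """Hardened: decode, normalise, then confirm the result is still under the root."""
    decoded = unquote(requested)
    # An absolute path would replace the root in join(); NUL bytes truncate names.
    if decoded.startswith(("/", "\\")) or "\x00" in decoded:
        return None
    root = posixpath.normpath(PROTECTED_ROOT)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # commonpath() differs from the root whenever ".." resolved to a parent
    # or a sibling directory.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for sample in ("reports/q3.pdf", "..%2f..%2fetc/passwd", "/etc/passwd"):
        print(f"{sample!r:24} naive={naive_protected_path(sample)}  safe={safe_protected_path(sample)}")
```

A double-encoded "..%252f" decodes once to the literal characters "..%2f", which normpath() does not treat as a separator, so it stays inside the root as an odd filename; the check above only needs to decode once because the web server has already done the first decoding.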
rt-5.0.5-2.fc39
FEDORA-2023-699bd1497e
Packages in this update:
rt-5.0.5-2.fc39
Update description:
Upstream security and bugfix update.
rt-5.0.5-1.fc38
FEDORA-2023-64fe19f832
Packages in this update:
rt-5.0.5-1.fc38
Update description:
Upstream security and bugfix update.
rt-5.0.5-1.fc39
FEDORA-2023-dda28e9e7c
Packages in this update:
rt-5.0.5-1.fc39
Update description:
Upstream security and bugfix update.
DSA-5530-1 ruby-rack – security update
Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.
DSA-5530 ruby-rack – security update
Several vulnerabilities were discovered in ruby-rack, a modular Ruby
webserver interface, which may result in denial of service and shell
escape sequence injection.