what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2020-28493

Status Candidate

Overview

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.

Related Files

Red Hat Security Advisory 2022-5070-01
Posted Aug 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-18874, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-13435, CVE-2020-14155, CVE-2020-24370, CVE-2020-28493
SHA-256 | e7b215852adbc1951046d56f7036f6b75803672b4422c7ce6cb43592abad6003
Red Hat Security Advisory 2021-4845-05
Posted Nov 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4845-05 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-26301, CVE-2020-28493, CVE-2020-8037, CVE-2021-20095, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645
SHA-256 | bd99ec51cad85f3c9c41b87c768abf6cf973e23f96461a729a58645e519e2a99
Red Hat Security Advisory 2021-4151-06
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4151-06 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include code execution, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-28957, CVE-2021-42771
SHA-256 | d49d4e9cc1d8294a10ad07970c659f1d865063f8fbef9fec6dfcfdf770c16f00
Red Hat Security Advisory 2021-4161-02
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4161-02 - The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2020-28493
SHA-256 | 486e4383d1eccf6ecf64a546be483e066e3dd324f029fad9a8b7af46fce359c0
Red Hat Security Advisory 2021-4162-05
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4162-05 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include code execution, cross site scripting, denial of service, double free, information leakage, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2019-18874, CVE-2020-28493, CVE-2021-20095, CVE-2021-23336, CVE-2021-28957, CVE-2021-29921, CVE-2021-33503, CVE-2021-3426, CVE-2021-3572, CVE-2021-42771
SHA-256 | e213dc130fe6c0f9ceeb6dbc6201ba34dd61a302b188cea3f4e8ad9fc8057754
Red Hat Security Advisory 2021-3254-01
Posted Aug 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3254-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include buffer overflow, code execution, cross site scripting, denial of service, information leakage, integer overflow, and traversal vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, xss, python
systems | linux, redhat
advisories | CVE-2020-25659, CVE-2020-27619, CVE-2020-27783, CVE-2020-28493, CVE-2020-36242, CVE-2021-20095, CVE-2021-23336, CVE-2021-28957, CVE-2021-29921, CVE-2021-3177, CVE-2021-33503, CVE-2021-3426, CVE-2021-3572
SHA-256 | f49b54d77f89082e96a8e69fc49612163d813deff1eacac5d74e788baf88efbf
Red Hat Security Advisory 2021-3252-01
Posted Aug 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3252-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include buffer overflow, code execution, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution, python
systems | linux, redhat
advisories | CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-3177
SHA-256 | 05d8615e2ff62f71aec723a17e396003df102bd5b199b067ca9160421e948fe6
Gentoo Linux Security Advisory 202107-19
Posted Jul 8, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202107-19 - An inefficient regular expression could be exploited to cause a Denial of Service condition. Versions less than 2.11.3 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2020-28493
SHA-256 | e48310b84017edfd9084bed51cbd82f41f8f83e0e0bd0b030bbd1bdde6caacbc
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close