BDU:2022-06319

Уязвимость библиотеки веб-приложений Pallets Werkzeug, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-29361

Published: 2022-05-25
Modified: 2024-11-21

CVE-2022-29361

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package expat updated to version 2.4.9-alt1 for branch sisyphus_riscv64.

Published: 2022-09-14

BDU:2023-02596

Уязвимость функции doContent файла xmlparse.c библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-09-14
Modified: 2024-11-21

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package python3-module-nbxmpp updated to version 3.2.2-alt1 for branch sisyphus_riscv64.

gajim 5.1 is broken

Version: 2.1.0

Branch sisyphus_riscv64 update on 2022-09-25

ALT-BU-2022-6289-1

ALT-PU-2022-6286-1

Closed vulnerabilities

BDU:2022-06319

CVE-2022-29361

ALT-PU-2022-6287-1

Closed vulnerabilities

BDU:2023-02596

CVE-2022-40674

ALT-PU-2022-6288-1

Closed bugs

Bug #43856