Skip to content

Commit

Permalink
Auto import
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Jun 15, 2021
1 parent 15019f5 commit 7afe251
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 0 deletions.
25 changes: 25 additions & 0 deletions vulns/flask-unchained/PYSEC-0000-CVE-2021-23393.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
id: PYSEC-0000-CVE-2021-23393
package:
name: flask-unchained
ecosystem: PyPI
details: This affects the package Flask-Unchained before 0.9.0. When using the the
_validate_redirect_url function, it is possible to bypass URL validation and redirect
a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path.
This vulnerability is only exploitable if an alternative WSGI server other than
Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.
affects:
ranges:
- type: GIT
repo: https://github.com/briancappello/flask-unchained
fixed: 71e36b28166f9ffbe0a991f51127f0984f7e6a40
- type: ECOSYSTEM
fixed: 0.9.0
references:
- type: WEB
url: https://snyk.io/vuln/SNYK-PYTHON-FLASKUNCHAINED-1293189
- type: WEB
url: https://github.com/briancappello/flask-unchained/commit/71e36b28166f9ffbe0a991f51127f0984f7e6a40
aliases:
- CVE-2021-23393
modified: "2021-06-11T11:11:00Z"
published: "2021-06-11T00:15:00Z"
24 changes: 24 additions & 0 deletions vulns/thefuck/PYSEC-0000-CVE-2021-34363.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
id: PYSEC-0000-CVE-2021-34363
package:
name: thefuck
ecosystem: PyPI
details: The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal
that leads to arbitrary file deletion via the "undo archive operation" feature.
affects:
ranges:
- type: GIT
repo: https://github.com/nvbn/thefuck
fixed: e343c577cd7da4d304b837d4a07ab4df1e023092
- type: ECOSYSTEM
fixed: "3.31"
references:
- type: WEB
url: https://vuln.ryotak.me/advisories/48
- type: WEB
url: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
- type: WEB
url: https://github.com/nvbn/thefuck/releases/tag/3.31
aliases:
- CVE-2021-34363
modified: "2021-06-10T11:58:00Z"
published: "2021-06-10T11:15:00Z"

0 comments on commit 7afe251

Please sign in to comment.