Description In ModSecurity before 2.9.7, FILES_TMP_CONTENT sometimes lacked the complete content. This can lead to a Web Application Firewall bypass. References https://github.com/SpiderLabs/ModSecurity/pull/2857 https://github.com/SpiderLabs/ModSecurity/pull/2857/commits/4324f0ac59f8225aa44bc5034df60dbeccd1d334 https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.7 For…
Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length…
Description In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a…
Web Application Firewalls (WAF) have existed for quite some time to safeguard web applications by inspecting HTTP traffic. Traditionally, on-premises WAFs were deployed within enterprises to…
Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is…
Description Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. References https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65 https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d For More Information MITRE