A user with the 'package joblib' privilege can execute arbitrary code with this flag.
Additionally, package joblib before 1.2.0 is vulnerable to Remote Denial of Service due to the CVE-2016-1234.
In these versions of package joblib, any object created in a parallel context is not sanitized before returning it.
Therefore, an attacker can inject an arbitrary object into the context which will be returned to the application as if it were an expected type.
This can lead to Remote Denial of Service as the application will try to dereference the object and fail.
The package django before 1.7.11 is vulnerable to Remote Code Execution due to the CVE-2017-1092.
In these versions of package django, it is possible to force a Django view to render an arbitrary piece of code by passing a user-controlled string as the request context to the view.
This can lead to Remote Code Execution as an attacker can now pass a user-controlled string to an untrusted Django view, which will be executed.
The package django before 1.7.12 is vulnerable to Remote Code Execution due to the CVE-2017-1093.
In these versions of package django, it is possible to force a Django view to render an arbitrary piece of code by passing a user-controlled string as the request context to the view.
In earlier versions of package dj
Apache Tomcat
Apache Tomcat is a free and open-source Java web server software implementation. The name of the project comes from Thomas and James, two cats who were the inspiration for its development.
Tomcat implements an HTTP, HTTPS, JSP, JSF, Servlet and NIO Web server. It provides a set of Java APIs for creating servlets and filters.
It supports Java Server Pages (JSP), JavaServer Faces (JSF), Apache Velocity Template Engine (Velocity) and Expression Language (EL), as well as HTTP Cookies and HTTP Authentication using Basic or Digest authentication as well as NTLM/Negotiate authentication.
Timeline
Published on: 09/26/2022 05:15:00 UTC
Last modified on: 09/27/2022 04:52:00 UTC