Vulnerability Details

CVEID:   CVE-2023-39326
DESCRIPTION:   Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to read many more bytes from the network than are in the body, and use this information to launch further attacks against the affected system.
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2023-43804
DESCRIPTION:   urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-37891
DESCRIPTION:   urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header during cross-origin redirects. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information.
CWE:   CWE-669: Incorrect Resource Transfer Between Spheres
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-45803
DESCRIPTION:   urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   CVE.org
CVSS Base score:   4.2
CVSS Vector:   (CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-45283
DESCRIPTION:   Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a \??\ prefix as a Root Local Device path prefix in the filepath and safefilepath package. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CWE:   CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2023-45284
DESCRIPTION:   Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the IsLocal function in the filepath package. An attacker could exploit this vulnerability to report "COM1", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3 as local.
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2023-45288
DESCRIPTION:   An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CWE:   CWE-202: Exposure of Sensitive Information Through Data Queries
CVSS Source:   CISA ADP
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-24789
DESCRIPTION:   The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-3651
DESCRIPTION:   idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encode() function and consume system resources.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-6104
DESCRIPTION:   go-retryablehttp could allow a local authenticated attacker to obtain sensitive information, caused by the failure to sanitize urls when writing them to its log file. An attacker could exploit this vulnerability to write sensitive HTTP basic auth credentials to its log file.
CWE:   CWE-532: Insertion of Sensitive Information into Log File
CVSS Source:   IBM X-Force
CVSS Base score:   6
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

CVEID:   CVE-2024-6345
DESCRIPTION:   pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the package_index module. By persuading a victim to click a specially crafted URL, an attacker could exploit this vulnerability using its download functions to inject and execute arbitrary code on the system.
CWE:   CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   8.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-9341
DESCRIPTION:   Containers common could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when FIPS mode is enabled in Go library. By using a specially crafted symbolic links, an attacker could exploit this vulnerability to bypass intended isolation between containers and the host system and gain access critical host files.
CWE:   CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS Source:   Red Hat
CVSS Base score:   5.4
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N)

CVEID:   CVE-2024-47874
DESCRIPTION:   Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   CVE.org
CVSS Base score:   8.7
CVSS Vector:   (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

CVEID:   CVE-2024-49766
DESCRIPTION:   Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch.
CWE:   CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Source:   security-advisories@github.com
CVSS Base score:   6.3
CVSS Vector:   (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)

CVEID:   CVE-2024-49767
DESCRIPTION:   Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   CVE.org
CVSS Base score:   6.9
CVSS Vector:   (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)

CVEID:   CVE-2024-3596
DESCRIPTION:   RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CWE:   CWE-354: Improper Validation of Integrity Check Value
CVSS Source:   NVD
CVSS Base score:   9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2024-26462
DESCRIPTION:   Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
CWE:   CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source:   NVD
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26458
DESCRIPTION:   Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26461
DESCRIPTION:   Kerberos 5 is vulnerable to a denial of service, caused by a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-2511
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote attacker could exploit this vulnerability to cause unbounded memory growth, and results in a denial of service condition.
CWE:   CWE-1325: Improperly Controlled Sequential Memory Allocation
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-4603
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVP_PKEY_param_check() or EVP_PKEY_public_check() function. By parsing a specially crafted DSA public key or DSA parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CWE:   CWE-606: Unchecked Input for Loop Condition
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-4741
DESCRIPTION:   OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSL_free_buffers API function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-5535
DESCRIPTION:   Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-2236
DESCRIPTION:   GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a timing-based side-channel flaw in the RSA implementation. By using Bleichenbacher-style attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE:   CWE-208: Observable Timing Discrepancy
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-34397
DESCRIPTION:   GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to signals from a trusted system service. By sending specially crafted D-Bus signals, an attacker could exploit this vulnerability perform unicast spoofing attacks.
CWE:   CWE-290: Authentication Bypass by Spoofing
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-6232
DESCRIPTION:   There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-8088
DESCRIPTION:   Python CPython is vulnerable to a denial of service, caused by an infinite loop flaw when iterating over names of entries in a zip archive. By using a specially crafted zip archive, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   CVE.org
CVSS Base score:   8.7
CVSS Vector:   (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L)

CVEID:   CVE-2024-24791
DESCRIPTION:   Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-24788
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a high cpu usage in extractExtendedRCode function in the net module. By sending a specially crafted DNS message in response to a query, a remote attacker could exploit this vulnerability to cause an infinite loop.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-34158
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Parse. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-674: Uncontrolled Recursion
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-10963
DESCRIPTION:   A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
CWE:   CWE-287: Improper Authentication
CVSS Source:   CVE.org
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-34156
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1325: Improperly Controlled Sequential Memory Allocation
CVSS Source:   CISA ADP
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-50602
DESCRIPTION:   An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
CWE:   CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-5569
DESCRIPTION:   zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-34155
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in all Parse* functions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1325: Improperly Controlled Sequential Memory Allocation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-34064
DESCRIPTION:   Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   5.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-3727
DESCRIPTION:   A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CWE:   CWE-354: Improper Validation of Integrity Check Value
CVSS Source:   IBM X-Force
CVSS Base score:   8.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)