We also demonstrate how chaining three vulnerabilities discovered during this engagement would allow an attacker to compromise the user’s workstation when using HEY for Desktop.

Download the HEY audit summary deliverable: Doyensec_Basecamp_HEY_PlatformTesting_Q32020_SAS.pdf

During our research on ReDoS, Doyensec reported several vulnerabilities:

- CVE-2020-5243: uap-core affecting uap-python, uap-ruby, etc.
- CVE-2020-8492: cpython’s urllib.request (WWW-Authenticate header parsing).
- CVE-2021-21240: httplib2 (WWW-Authenticate header parsing).
- CVE-2021-27291: pygments lexers for ADL, CADL, Ceylon, Evoque, Factor, Logos, Matlab, Octave, ODIN, Scilab & Varnish VCL (Syntax highlighting).
- CVE-2021-27293: RestSharp (JSON deserialisation in a.
- bpo-38804: cpython’s cookiejar (Set-Cookie header parsing).