Security Vulnerabilities - CVEs Published In July 2020
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).
CVSS Score
3.7
EPSS Score
0.002
Published
2020-07-27
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-07-27
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-07-27
Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.022
Published
2020-07-27
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
CVSS Score
7.4
EPSS Score
0.012
Published
2020-07-27
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-07-25
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-07-25
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-07-25
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-07-25
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-07-25