Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-07T01:14:43.374229+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/67e4e73d-85ad-4e6b-9b05-492f0aa12f45/export 67e4e73d-85ad-4e6b-9b05-492f0aa12f45 2026-05-07T01:14:43.854680+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "67e4e73d-85ad-4e6b-9b05-492f0aa12f45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32758", "type": "seen", "source": "https://t.me/cibsecurity/64078", "content": "\u203c CVE-2023-32758 \u203c\n\ngiturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-15T07:29:12.000000Z"} 2023-05-15T07:29:12+00:00 https://vulnerability.circl.lu/sighting/a2f06e9b-1ed3-43e2-9c52-fd8d1394fa8c/export a2f06e9b-1ed3-43e2-9c52-fd8d1394fa8c 2026-05-07T01:14:43.851893+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "a2f06e9b-1ed3-43e2-9c52-fd8d1394fa8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32758", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2814", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32758\n\ud83d\udd39 Description: giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.\n\ud83d\udccf Published: 2023-05-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-23T19:38:56.258Z\n\ud83d\udd17 References:\n1. https://github.com/coala/git-url-parse/blob/master/giturlparse/parser.py#L53\n2. https://pypi.org/project/git-url-parse\n3. https://github.com/returntocorp/semgrep/pull/7611\n4. https://github.com/returntocorp/semgrep/pull/7955\n5. https://github.com/returntocorp/semgrep/pull/7943", "creation_timestamp": "2025-01-23T20:03:34.000000Z"} 2025-01-23T20:03:34+00:00