Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    PYSEC-2023-93

    Vulnerability from pysec - Published: 2023-06-30 18:15 - Updated: 2023-06-30 20:25
    VLAI
    Details

    pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

    Impacted products
    Name purl
    pacparser pkg:pypi/pacparser

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "pacparser",
            "purl": "pkg:pypi/pacparser"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "1.4.2"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "1.3.7",
            "1.3.7rc1",
            "1.3.7rc5",
            "1.3.7rc6",
            "1.3.8.dev15",
            "1.3.8.dev18",
            "1.3.8.dev39",
            "1.3.9",
            "1.3.9.dev7",
            "1.3.9.dev8",
            "1.4.0",
            "1.4.0.dev1",
            "1.4.0.dev3",
            "1.4.1",
            "1.4.1.dev10",
            "1.4.1.dev13",
            "1.4.1.dev14",
            "1.4.1.dev15",
            "1.4.1.dev16",
            "1.4.1.dev7",
            "1.4.1.dev8",
            "1.4.1.dev9",
            "1.4.2.dev1",
            "1.4.2.dev4",
            "1.4.2.dev5"
          ]
        }
      ],
      "aliases": [
        "CVE-2023-37360",
        "GHSA-62q6-v997-f7v9"
      ],
      "details": "pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).",
      "id": "PYSEC-2023-93",
      "modified": "2023-06-30T20:25:46.450877+00:00",
      "published": "2023-06-30T18:15:00+00:00",
      "references": [
        {
          "type": "ADVISORY",
          "url": "https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9"
        }
      ]
    }