윤석찬

A vulnerability in Python allows quadratic complexity parsing when handling cookies containing backslashes, potentially leading to performance degradation.

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, `EmailValidator` and `URLValidator` are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

A vulnerability in the Django `intcomma` template filter could lead to a potential denial of service if certain crafted inputs are processed.

A vulnerability in Django's `Truncator.words()` function may allow a ReDoS attack under certain circumstances.

The browserable API of the Django Rest Framework is vulnerable to cross-site scripting due to improper sanitization of user-supplied inputs.

A vulnerability in Django's `urlize` function and `AdminURLFieldWidget` could allow for a denial of service under specific crafted input conditions.

A vulnerability in the `HasKey` function in Django when using Oracle databases may allow a potential SQL injection.

Internal HTTP response logging used request.path directly, allowing control characters (e.g. newlines or ANSI escape sequences) to be written unescaped into logs.

A vulnerability in Apache Airflow's scheduler allows DAG authors to execute arbitrary code, potentially compromising the scheduler node.

Improper sanitization in Apache Airflow's web interface could lead to a cross-site scripting vulnerability.

Authenticated DAG authors in Apache Airflow can execute arbitrary code on scheduler nodes, leading to potential system compromise.

Vulnerabilities in Ruby's REXML library allow attackers to cause a denial of service by crafting malicious XML inputs.

Ruby on Rails' Action Controller is vulnerable to a potential regular expression denial of service when handling HTTP token authentication.

A vulnerability in Rails' Action Dispatch may allow a regular expression denial of service when filtering query parameters.

Spring Framework is vulnerable to a potential denial of service caused by a crafted conditional HTTP request.

GitHub is vulnerable to a potential denial of service caused by a malicously crafted HTTP request.

NAVER is vulnerable to a stored-xss caused by a crafted payload.

NAVER is vulnerable to a SQL injection caused by a crafted payload.

NAVER is vulnerable to a stored XSS caused by a crafted payload.