Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
PYSEC-2023-93
Vulnerability from pysec - Published: 2023-06-30 18:15 - Updated: 2023-06-30 20:25
VLAI?
Details
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
Impacted products
| Name | purl | pacparser | pkg:pypi/pacparser |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pacparser",
"purl": "pkg:pypi/pacparser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.7",
"1.3.7rc1",
"1.3.7rc5",
"1.3.7rc6",
"1.3.8.dev15",
"1.3.8.dev18",
"1.3.8.dev39",
"1.3.9",
"1.3.9.dev7",
"1.3.9.dev8",
"1.4.0",
"1.4.0.dev1",
"1.4.0.dev3",
"1.4.1",
"1.4.1.dev10",
"1.4.1.dev13",
"1.4.1.dev14",
"1.4.1.dev15",
"1.4.1.dev16",
"1.4.1.dev7",
"1.4.1.dev8",
"1.4.1.dev9",
"1.4.2.dev1",
"1.4.2.dev4",
"1.4.2.dev5"
]
}
],
"aliases": [
"CVE-2023-37360",
"GHSA-62q6-v997-f7v9"
],
"details": "pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).",
"id": "PYSEC-2023-93",
"modified": "2023-06-30T20:25:46.450877+00:00",
"published": "2023-06-30T18:15:00+00:00",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9"
}
]
}