Pocoo
Products by Pocoo Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Pocoo . Pocoo did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 7.80 |
2020 | 0 | 0.00 |
2019 | 1 | 9.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Pocoo vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pocoo Security Vulnerabilities
Babel.Locale in Babel before 2.9.1
CVE-2021-42771
7.8 - High
- October 20, 2021
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Directory traversal
An issue was discovered in Jinja2 2.10
CVE-2019-8341
9.8 - Critical
- February 15, 2019
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
Code Injection
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which
CVE-2014-0012
- May 19, 2014
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
Permissions, Privileges, and Access Controls