Search for packages
| purl | pkg:pypi/rdiffweb@2.4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1jq8-v6r3-m3c1
Aliases: CVE-2022-3457 GHSA-824x-jcxf-hpfg PYSEC-2022-43161 |
Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-1m9h-vrvu-abb8
Aliases: CVE-2022-3295 GHSA-hrj7-f62f-j7x7 PYSEC-2022-293 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
Affected by 27 other vulnerabilities. |
|
VCID-1sm3-y4rz-33ef
Aliases: CVE-2022-3272 GHSA-qrj3-hrgj-fm7r PYSEC-2022-291 |
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
Affected by 27 other vulnerabilities. |
|
VCID-22gc-9xf5-hqdq
Aliases: CVE-2022-3250 GHSA-m748-hjqg-rpp8 PYSEC-2022-287 |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. |
Affected by 34 other vulnerabilities. |
|
VCID-2eka-zuqa-fqaw
Aliases: CVE-2022-4719 GHSA-2wpw-cm9w-v4xm PYSEC-2022-43005 |
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
Affected by 3 other vulnerabilities. |
|
VCID-2nka-f5cw-7kbh
Aliases: CVE-2022-4723 GHSA-7q4r-x5qg-mmcp PYSEC-2022-43009 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
Affected by 3 other vulnerabilities. |
|
VCID-3hr2-bzjs-v7ae
Aliases: CVE-2022-3456 GHSA-92gf-p376-6r9r PYSEC-2022-43160 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
Affected by 12 other vulnerabilities. |
|
VCID-4b33-2gjf-pqaz
Aliases: CVE-2022-4721 GHSA-83pm-7v48-5jp4 PYSEC-2022-43007 |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
Affected by 3 other vulnerabilities. |
|
VCID-548j-5gva-qqe6
Aliases: CVE-2022-3376 GHSA-7wr6-fj4x-893v PYSEC-2022-43157 |
rdiffweb allows a new password to be the same as the previous password |
Affected by 19 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-7tka-pn6b-jbb2
Aliases: CVE-2022-3269 GHSA-j3q4-gmj4-mj95 PYSEC-2022-290 |
Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. |
Affected by 32 other vulnerabilities. |
|
VCID-99fm-uh18-sfed
Aliases: CVE-2022-3274 GHSA-gmj8-84r4-h46j PYSEC-2022-289 |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7. |
Affected by 32 other vulnerabilities. |
|
VCID-9u3k-3p83-p3ab
Aliases: CVE-2022-3232 GHSA-cw2v-wv4g-w4p6 PYSEC-2022-281 |
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users |
Affected by 37 other vulnerabilities. |
|
VCID-aqp5-z8th-7ubn
Aliases: CVE-2022-3363 GHSA-jw36-mrvg-j5fx PYSEC-2022-42978 |
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. |
Affected by 18 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-atc1-2w9t-43d6
Aliases: CVE-2022-4644 GHSA-639f-hxcv-84mc PYSEC-2022-43003 |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. |
Affected by 9 other vulnerabilities. |
|
VCID-c8a3-sja5-h3fa
Aliases: CVE-2022-3364 GHSA-fqfg-c577-2vc3 PYSEC-2022-298 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. |
Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-cv8a-cfqn-nfd4
Aliases: CVE-2022-3438 GHSA-8g9m-vv69-7j99 PYSEC-2022-43158 |
rdiffweb vulnerable to Open Redirect |
Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-cwte-w97m-f3gd
Aliases: CVE-2023-5289 GHSA-c4rv-2j6x-pq7x PYSEC-2023-186 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. |
Affected by 1 other vulnerability. |
|
VCID-d3u8-9d5e-6uh8
Aliases: CVE-2022-3273 GHSA-9g3v-v24q-jj5p PYSEC-2022-43156 |
rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks |
Affected by 19 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-d7ed-wxmn-1uak
Aliases: CVE-2022-3301 GHSA-qq29-5vjh-vxwr PYSEC-2022-295 |
Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
Affected by 27 other vulnerabilities. |
|
VCID-dy7w-yh68-wyej
Aliases: CVE-2022-3290 GHSA-5v95-j4rr-6f3c PYSEC-2022-292 PYSEC-2022-43184 |
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
Affected by 27 other vulnerabilities. |
|
VCID-euj6-ja79-u3et
Aliases: CVE-2022-3292 GHSA-7fqm-jm52-f9vc PYSEC-2022-296 |
Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
Affected by 27 other vulnerabilities. Affected by 25 other vulnerabilities. |
|
VCID-j77n-p4cj-kug2
Aliases: CVE-2023-4138 GHSA-wwrg-2w5j-grvx |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. |
Affected by 2 other vulnerabilities. |
|
VCID-m2ag-9yup-6ydg
Aliases: CVE-2022-4018 GHSA-4wph-9vrm-6v3w PYSEC-2022-43001 |
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. |
Affected by 19 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-m4hv-bujs-kue6
Aliases: CVE-2022-3326 GHSA-8wxf-c45w-g66g PYSEC-2022-297 |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. |
Affected by 25 other vulnerabilities. |
|
VCID-mnzk-q4ua-3fbx
Aliases: CVE-2022-4724 GHSA-m8r9-qxx8-mrxp PYSEC-2022-43010 |
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
Affected by 3 other vulnerabilities. |
|
VCID-neep-wzcy-8qd3
Aliases: CVE-2022-4720 GHSA-h5wp-jrqc-cwwx PYSEC-2022-43006 |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
Affected by 3 other vulnerabilities. |
|
VCID-p9hw-jxf8-7bc9
Aliases: CVE-2022-3371 GHSA-3fhq-72hw-jqwv PYSEC-2022-299 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. |
Affected by 22 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-q25q-wm8n-87ah
Aliases: CVE-2025-67796 GHSA-v4gp-hf5j-4566 |
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users data and, in some cases, perform privileged actions. This issue may enable cross-tenant access. Fixed in version 2.10.6. |
Affected by 0 other vulnerabilities. |
|
VCID-r5k3-8ezc-9uad
Aliases: CVE-2022-3298 GHSA-xhw9-4wqq-x67v PYSEC-2022-294 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
Affected by 27 other vulnerabilities. |
|
VCID-r9uw-4hx9-rka1
Aliases: CVE-2022-3389 GHSA-hrrm-895h-xh34 PYSEC-2022-302 |
rdiffweb Path Traversal vulnerability |
Affected by 22 other vulnerabilities. |
|
VCID-s4sy-ab6h-b3gq
Aliases: CVE-2022-3362 GHSA-94qm-99qc-qwqj PYSEC-2022-43000 |
Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
Affected by 12 other vulnerabilities. |
|
VCID-suj2-f63d-syan
Aliases: CVE-2022-4314 GHSA-g594-55mp-f6q8 PYSEC-2022-43002 |
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. |
Affected by 11 other vulnerabilities. |
|
VCID-tbz3-msw6-87cs
Aliases: CVE-2022-3267 GHSA-74j6-3hh4-w3f5 PYSEC-2022-284 |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. |
Affected by 34 other vulnerabilities. |
|
VCID-ujpu-b99m-ffc4
Aliases: CVE-2022-3439 GHSA-x8x2-wc2h-wc48 PYSEC-2022-43159 |
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
Affected by 12 other vulnerabilities. |
|
VCID-w75b-cyzd-3ucz
Aliases: CVE-2022-4722 GHSA-wf33-6x33-wcf9 PYSEC-2022-43008 |
Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
Affected by 3 other vulnerabilities. |
|
VCID-x21q-enbg-xyfm
Aliases: CVE-2022-4646 GHSA-85fp-523q-5xwc PYSEC-2022-43004 |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4. |
Affected by 9 other vulnerabilities. |
|
VCID-ze97-pshj-auce
Aliases: CVE-2022-3327 GHSA-99j5-fvg3-54pm PYSEC-2022-42977 |
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. |
Affected by 22 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-zp3a-ty3v-p7es
Aliases: CVE-2022-3233 GHSA-9vxf-mcm6-5m42 PYSEC-2022-285 |
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. |
Affected by 34 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||