JVNDB-2023-000093 - JVN iPedia - Ǝ㐫΍f[^x[X
ypKChz

[English]

JVNDB-2023-000093

Pyramid ɂfBNggo[T̐Ǝ㐫

Tv

Pylons Project 񋟂 Pyramid ́APython p Web t[[NłBPyramid ɂ́AfBNggo[T (CWE-22) ̐Ǝ㐫݂܂B

̐Ǝ㐫́AZLeBxp[gi[VbvɊÂL̕ IPA ɕ񍐂AJPCERT/CC J҂Ƃ̒s܂B
񍐎: ЃbN Ri

CVSS ɂ[x (CVSS Ƃ?)

CVSS v3 ɂ[x
{l: 3.7 () [IPAl]
  • U敪: lbg[N
  • U̕G:
  • UɕKvȓx: sv
  • p҂̊֗^: sv
  • ȇz͈: ύXȂ
  • @ւ̉e(C):
  • Sւ̉e(I): Ȃ
  • —pւ̉e(A): Ȃ
CVSS v2 ɂ[x
{l: 4.3 (x) [IPAl]
  • U敪: lbg[N
  • U̕G:
  • UO̔Fؗv: sv
  • @ւ̉e(C): I
  • Sւ̉e(I): Ȃ
  • —pւ̉e(A): Ȃ
e󂯂VXe

ȉ̃o[W Pyramid ō쐬AvP[V Python 3.11.0 3.11.4 g‹ɃfvCĂꍇA{Ǝ㐫̉e󂯂܂B

pylonsproject
  • Pyramid o[W 2.0.0  2.0.1

z肳e

׍HꂽNGXgɂāAÓIt@CzMfBNg̈Kw̃fBNgɂ index.html ɃANZX”\܂B
΍

[Abvf[g]
J҂񋟂ƂɁAŐVłɃAbvf[gĂB

ڍׂ́AJ҂񋟂QƂB
x_

pylonsproject
CWEɂƎ㐫^Cvꗗ  CWEƂ?

  1. pXEgo[T(CWE-22) [IPA]]
ʐƎ㐫ʎq(CVE)  CVEƂ?

  1. CVE-2023-40587
Ql

  1. JVN : JVN#41113329
  2. National Vulnerability Database (NVD) : CVE-2023-40587
  3. ֘A : GHSA-65fx-pmw6-rcfm: CVE-2023-41105
XV

  • [2023N0911]
      f
  • [2024N0516]
      QlFNational Vulnerability Database (NVD) (CVE-2023-40587) lj

\2023/09/11
o^2023/09/11
ŏIXV2024/05/16