mengww
Hi, when I try the product, I find that it is easy to bypass the file type restriction on the upload functionality. The issue is CWE-646: Reliance on File Name...
**Describe the bug** The vulnerable code is [here](https://github.com/cpacker/MemGPT/blob/dfc4207866e8770c5c073e3430037cfc7cc43f05/memgpt/server/rest_api/auth_token.py#L14). An attacker could leverage differences in execution time to recover the secrets. String comparison `==` is not a constant-time implementation,...
**Environment information:** - OS: Ubuntu-22 - Python version: 3.9 - TabPy release: 2.9.0 **Describe the issue** In [code](https://github.com/tableau/TabPy/blob/bc88276609051c472da83443750afe3075536c83/tabpy/utils/tabpy_user.py#L79), the user name and password are put directly into the logger. It is a...
**Describe the bug/problem** In the code [here](https://github.com/janeczku/calibre-web/blob/3a603cec22b8072f9c1991a48897484ec5a45004/cps/editbooks.py#L741), it uses the user-provided file extension to determine the file type. However, it is possible to bypass it with a crafted a...
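The two upload reports above both come down to the same weakness: the server trusts the extension the client chose. The following is an added example, not code from calibre-web or from the reporter, contrasting that check with one that also inspects the leading bytes of the upload. The accepted extension set, the signature table and the sample payloads are constructed for the illustration.

```python
import os

# Assumed upload policy for this example: only these extensions are accepted.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".pdf"}

# Leading bytes ("magic numbers") of the accepted formats.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}


def extension_allowed(filename: str) -> bool:
    """The weak check (CWE-646): trusts whatever extension the client put in the name."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in ALLOWED_EXTENSIONS


def content_matches_extension(filename: str, data: bytes) -> bool:
    """Hardened check: the bytes must begin with the signature of the claimed type."""
    ext = os.path.splitext(filename)[1].lower()
    signature = MAGIC.get(ext)
    return signature is not None and data.startswith(signature)


def accept_upload(filename: str, data: bytes) -> bool:
    """Accept only when the name and the content agree on the type."""
    return extension_allowed(filename) and content_matches_extension(filename, data)


# Constructed samples: a minimal PNG header and a shell script renamed to .png.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT_SAMPLE = b"#!/bin/sh\necho not-an-image\n"

if __name__ == "__main__":
    print("photo.png ->", accept_upload("photo.png", PNG_SAMPLE))          # True
    print("script.png (ext only) ->", extension_allowed("script.png"))    # True: bypassed
    print("script.png (content) ->", accept_upload("script.png", SCRIPT_SAMPLE))  # False
```

A signature check is a necessary second gate, not a complete one: polyglot files can carry a valid image header and still be interpreted as something else downstream, so the stored file should also be served with a server-chosen name, extension and `Content-Type` rather than the client's.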
### Your environment Latest one ### Describe your questions In [code](https://github.com/CloudOrc/SolidUI/blob/00d96b53bd0acf082996cef45b0f292eaba22fb7/solidui/spaces_plugin/app.py#L77) here, the open API key is output to stdout. It could potentially leak the key to an unauthorized actor...
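The TabPy and SolidUI reports above are both cases of a credential reaching a log or console. The primary fix is not to hand the secret to the logger at all; as a safety net, a `logging.Filter` can rewrite records before any handler emits them. The block below is an added example, not code from either project: the logger name, the key/value pattern and the sample messages are constructed for the illustration.

```python
import io
import logging
import re


class SecretRedactingFilter(logging.Filter):
    """Redacts known secret values and key=value style credentials from each record.

    The filter replaces the record's message with the redacted text so every
    handler downstream sees only the redacted form.
    """

    KEY_PATTERN = re.compile(
        r"(?i)\b(password|passwd|api[_-]?key|token|secret)(\s*[=:]\s*)(\S+)"
    )

    def __init__(self, secrets=()):
        super().__init__()
        self.secrets = [s for s in secrets if s]

    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()          # applies %-formatting with record.args
        for value in self.secrets:
            msg = msg.replace(value, "[REDACTED]")
        msg = self.KEY_PATTERN.sub(r"\1\2[REDACTED]", msg)
        record.msg = msg                   # already formatted; clear args so it is not re-applied
        record.args = ()
        return True


def make_logger(secrets, stream):
    """Build an isolated logger whose single handler redacts before writing to `stream`."""
    logger = logging.getLogger("redaction_example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(SecretRedactingFilter(secrets))
    logger.addHandler(handler)
    return logger


def log_user_creation(username: str, password: str) -> str:
    """Reproduce the reported pattern (secret passed to the logger) and return what was written."""
    buf = io.StringIO()
    logger = make_logger([password], buf)
    logger.info("Adding user %s with password %s", username, password)
    logger.info("api_key=sk-example-123 for user %s", username)   # constructed sample key
    return buf.getvalue()


if __name__ == "__main__":
    print(log_user_creation("alice", "hunter2"), end="")
```

Attaching the filter to the handler rather than the logger matters: logger-level filters do not apply to records that propagate in from child loggers, while a handler filter runs on everything that handler would emit.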
**Describe the bug** In the settings' `__init__` function, it stores sensitive data, including the onedrive password and AWS key, in a plaintext env file, which is a potential security issue described in...
In the code [here](https://github.com/cms-sw/cmssw/blob/22f751f0592542ae94a797e3fc22294ddc4626cf/Alignment/MuonAlignmentAlgorithms/python/alignBH_cfg.py#L10), it directly `eval`s the value from an environment variable. A malicious local actor could set something like `export ALIGNMENT_PHOTOGRAMMETRY='os.system("touch rickroll")'` to execute arbitrary commands. It would be better...
In the code [here](https://github.com/aiwaves-cn/agents/blob/350246d926c41728610fba73b7703c9d65b20567/src/agents/utils.py#L435), it `eval`s an environment variable. A malicious local actor could set values like `export FETSIZE='os.system("touch rickroll")'` to execute code. This issue is similar to [CVE-2022-2054](https://huntr.com/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7).
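The two `eval`-on-environment reports above share one fix: when the variable is only meant to carry a number, tuple or similar literal, parse it with `ast.literal_eval`, which evaluates nothing and rejects any expression that is not a literal. The block below is an added example and not code from cmssw or the agents project; the variable names are taken from the reports, and the "malicious" value is a benign stand-in that only calls `os.getpid()` so the demonstration is harmless to run.

```python
import ast
import os


def parse_env_unsafe(name: str, default: str = "0"):
    """The reported pattern: eval() on a string any local user can set."""
    return eval(os.environ.get(name, default))


def parse_env_safe(name: str, default: str = "0"):
    """Accept only Python literals (numbers, strings, tuples, lists, dicts, booleans, None)."""
    raw = os.environ.get(name, default)
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        # literal_eval raises ValueError for calls/attributes and SyntaxError for junk.
        raise ValueError(f"{name} must be a Python literal, got {raw!r}") from exc


def demo():
    """Returns (parsed_safe_value, unsafe_path_executed_code, safe_path_rejected_payload)."""
    os.environ["FETSIZE"] = "(16, 32)"
    # Stand-in for the os.system(...) payload in the report: an expression that
    # runs code but does nothing harmful, so the effect is observable and safe.
    os.environ["ALIGNMENT_PHOTOGRAMMETRY"] = '__import__("os").getpid()'

    safe_value = parse_env_safe("FETSIZE")
    executed = parse_env_unsafe("ALIGNMENT_PHOTOGRAMMETRY") == os.getpid()
    try:
        parse_env_safe("ALIGNMENT_PHOTOGRAMMETRY")
        rejected = False
    except ValueError:
        rejected = True
    return safe_value, executed, rejected


if __name__ == "__main__":
    print(demo())   # ((16, 32), True, True)
```

`ast.literal_eval` is not a general sandbox: it still parses the whole string, so extremely long or deeply nested inputs can consume memory or hit the parser's recursion limit. For a setting that is genuinely just an integer or a pair of integers, `int()` or `json.loads()` followed by a type check is stricter still.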
Currently the user-specified path could point to any folder, and `dotenv` will parse it anyway, even if it is a file like `/etc/passwd`. The content of the target file would be...
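One way to confine the path before it is handed to a dotenv-style loader is to resolve it against an allowed directory and refuse anything that escapes it. The block below is an added example and not the reporter's or any library's code: the directory layout is created in a temporary folder, the `.env` contents are constructed, and the line parser is a deliberately minimal stand-in for the real `dotenv` parser so the check can be exercised offline.

```python
import os
import tempfile


def resolve_dotenv_path(user_path: str, allowed_root: str) -> str:
    """Resolve `user_path` under `allowed_root`; raise if it escapes or is not a .env file."""
    root = os.path.realpath(allowed_root)
    # os.path.join discards `root` when user_path is absolute, so realpath + commonpath
    # is what actually enforces containment, for absolute paths, ../ and symlinks alike.
    target = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"refusing to load {user_path!r}: outside {root}")
    if not os.path.basename(target).endswith(".env"):
        raise ValueError(f"refusing to load {user_path!r}: not a .env file")
    return target


def load_dotenv_confined(user_path: str, allowed_root: str) -> dict:
    """Minimal KEY=VALUE parser (stand-in for dotenv) run only on a confined path."""
    path = resolve_dotenv_path(user_path, allowed_root)
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("'\"")
    return values


def demo():
    """Returns (values_from_legitimate_file, traversal_attempt_was_blocked)."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, ".env"), "w", encoding="utf-8") as fh:
        fh.write("API_KEY='abc123'\n# comment line\nDEBUG=1\n")   # constructed contents
    legitimate = load_dotenv_confined(".env", root)
    try:
        load_dotenv_confined("../../../../etc/passwd", root)
        blocked = False
    except ValueError:
        blocked = True
    return legitimate, blocked


if __name__ == "__main__":
    print(demo())   # ({'API_KEY': 'abc123', 'DEBUG': '1'}, True)
```

The check is only as strong as `allowed_root`: if that is `/` or the user's home directory, `/etc/passwd` or `~/.ssh` respectively would still pass containment, so the root should be the narrowest directory the application actually needs.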
* pyspider version: 0.3.10 * Operating system: Ubuntu-22.04 * Start up command: ### Expected behavior The vulnerable code is [here](https://github.com/binux/pyspider/blob/897891cafb21ea5b4ac08e728ad2ea212879f7fa/pyspider/webui/login.py#L45); the password comparison should use a constant-time algorithm ###...
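The MemGPT and pyspider reports above both concern comparing a secret with `==`. The block below is an added example, not code from either project, that models the short-circuit behaviour such a comparison exposes and shows the standard-library replacement. The `compare_naive` function is a deliberately character-by-character model (CPython's `==` compares lengths first and then the underlying bytes, so the shape of the leak is the same even though the granularity differs); the secret and guesses are constructed.

```python
import hmac


def compare_naive(secret: str, guess: str):
    """Model of an early-exit comparison. Returns (equal, characters_examined).

    The second value is what an attacker measures indirectly through timing:
    it grows by one for every leading character the guess gets right.
    """
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for expected, actual in zip(secret, guess):
        examined += 1
        if expected != actual:
            return False, examined
    return True, examined


def compare_constant_time(secret: str, guess: str) -> bool:
    """Constant-time comparison from the standard library.

    Both sides are encoded to bytes first: compare_digest accepts str only when
    both strings are ASCII and raises TypeError otherwise.
    """
    return hmac.compare_digest(secret.encode("utf-8"), guess.encode("utf-8"))


def leak_profile(secret: str, guesses):
    """How much work the naive comparison does per guess; the correct prefix is visible."""
    return {guess: compare_naive(secret, guess)[1] for guess in guesses}


if __name__ == "__main__":
    token = "s3cret"                                   # constructed secret
    print(leak_profile(token, ["a3cret", "s4cret", "s3crEt", "s3cret"]))
    # {'a3cret': 1, 's4cret': 2, 's3crEt': 5, 's3cret': 6}
    print(compare_constant_time(token, "s3cret"), compare_constant_time(token, "s3crEt"))
```

`hmac.compare_digest` is the right tool for API tokens and similar fixed secrets, which is the MemGPT case. For the pyspider case, a login password, the stronger fix is not to keep the plaintext at all: store a salted hash (for example via `hashlib.scrypt` or `hashlib.pbkdf2_hmac`) and compare the recomputed digest with `compare_digest`.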