m5/CoreMP135_buildroot
0
0
Fork 0
mirror of https://github.com/m5stack/CoreMP135_buildroot.git synced 2026-05-20 11:24:29 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
67f4794de1d87f25a2fad13c854a330f286d08ba
CoreMP135_buildroot/package/python-web2py
T
History
Peter Korsgaard a534030c6e python-web2py: security bump to version 2.14.6 
CVE-2016-4806 - Web2py versions 2.14.5 and below was affected by Local File
Inclusion vulnerability, which allows a malicious intended user to
read/access web server sensitive files.

CVE-2016-4807 - Web2py versions 2.14.5 and below was affected by Reflected
XSS vulnerability, which allows an attacker to perform an XSS attack on
logged in user (admin).

CVE-2016-4808 - Web2py versions 2.14.5 and below was affected by CSRF (Cross
Site Request Forgery) vulnerability, which allows an attacker to trick a
logged in user to perform some unwanted actions i.e An attacker can trick an
victim to disable the installed application just by sending a URL to victim.

CVE-2016-10321 - web2py before 2.14.6 does not properly check if a host is
denied before verifying passwords, allowing a remote attacker to perform
brute-force attacks.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
..
Config.in
python-web2py.hash
python-web2py: security bump to version 2.14.6
2017-04-26 09:20:16 +02:00
python-web2py.mk
python-web2py: security bump to version 2.14.6
2017-04-26 09:20:16 +02:00
S51web2py
web2py.service