News

PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that's tracked as CVE-2021-3177.
Trellix is working to push code via GitHub pull request to protect open-source projects from the vulnerability. Trellix currently has patches available for 11,005 repositories ready for pull requests.
CVE-2021-38305 allows attackers to bypass existing protections and run arbitrary Python code by manipulating the schema file provided as input to Yamale, according to the JFrog security research team.
Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software. Attackers who are targeting open-source package repositories ...
This vulnerability results in Remote Code Execution by logging a certain string. Considering the ubiquitousness of the library, ... December release of Python VS Code now available.
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to ...
The vulnerability, which has existed since September 2017, exposed the source code of customer applications written in PHP, Python, Ruby or Node that were deployed using “Local Git.” ...
Proof-of-concept code found on the GitHub repository could allow attackers to easily take advantage of a recently identified vulnerability in the Apache Struts 2 framework.
On Thursday, Fortinet released an update for FortiWeb. Exploits have emerged that abuse the critical gap.
The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages.