link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-46303: GitHub - 0x1717/ssrf-via-img: SSRF Vulnerability in PANDOC and CALIBRE

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.

Expand Up @@ -2798,7 +2798,7 @@ - (void)reallyExecuteToken:(VT100Token \*)token { } case XTERMCC\_REPORT\_ICON\_TITLE: { NSString \*s = \[NSString stringWithFormat:@"\\033\]L%@\\033\\\\", \[\_delegate terminalIconTitle\]\]; \[self reportSafeTitle:\[\_delegate terminalIconTitle\]\]\]; \[\_delegate terminalSendReport:\[s dataUsingEncoding:NSUTF8StringEncoding\]\]; break; } Expand All @@ -2807,7 +2807,7 @@ - (void)reallyExecuteToken:(VT100Token \*)token { // That was wrong and may cause bug reports due to breaking bugward compatibility. // (see xterm docs) NSString \*s = \[NSString stringWithFormat:@"\\033\]l%@\\033\\\\", \[\_delegate terminalWindowTitle\]\]; \[self reportSafeTitle:\[\_delegate terminalWindowTitle\]\]\]; \[\_delegate terminalSendReport:\[s dataUsingEncoding:NSUTF8StringEncoding\]\]; break; } Expand Down Expand Up @@ -3460,14 +3460,6 @@ - (NSString \*)decrqssDECSLPP { return \[@(height) stringValue\]; }  
\- (NSString \*)decrqssDECSCPP { return self.columnMode ? @"132" : @"80"; }  
\- (NSString \*)decrqssDECNLS { return \[@(\[self.delegate terminalSizeInCells\].height) stringValue\]; }  
\- (iTermPromise<NSString \*> \*)decrqssPayloadPromise:(NSString \*)pt { if (\[pt isEqualToString:@"m"\]) { return \[iTermPromise promiseValue:\[self decrqssSGR\]\]; Expand All @@ -3490,12 +3482,7 @@ - (NSString \*)decrqssDECNLS { if (\[pt isEqualToString:@"t"\]) { return \[iTermPromise promiseValue:\[self decrqssDECSLPP\]\]; } if (\[pt isEqualToString:@"$|"\]) { return \[iTermPromise promiseValue:\[self decrqssDECSCPP\]\]; } if (\[pt isEqualToString:@"\*|"\]) { return \[iTermPromise promiseValue:\[self decrqssDECNLS\]\]; } // DECSCPP and DECNLS not supported for security reasons.  
return \[iTermPromise promiseDefaultError\]; } Expand Down Expand Up @@ -5303,6 +5290,20 @@ - (NSString \*)subtitleFromIconTitle:(NSString \*)title { return \[title substringFromIndex:NSMaxRange(newlineRange)\]; }  
// Convert a title into a string that is safe to transmit in a report. // The goal is to make it hard for an attacker to issue a report that could be part of a command. \- (NSString \*)reportSafeTitle:(NSString \*)unsafeTitle { NSCharacterSet \*unsafeSet = \[NSCharacterSet characterSetWithCharactersInString:@"|;\\r\\n\\e"\]; NSString \*result = unsafeTitle; NSRange range; range = \[result rangeOfCharacterFromSet:unsafeSet\]; while (range.location != NSNotFound) { result = \[result stringByReplacingCharactersInRange:range withString:@" "\]; range = \[result rangeOfCharacterFromSet:unsafeSet\]; } return result; } // This is used for titles received from the remote host. \- (NSString \*)sanitizedTitle:(NSString \*)unsafeTitle { // Very long titles are slow to draw in the tabs. Limit their length and // cut off anything after newline since it wouldn't be visible anyway. Expand Down

CVE-2023-46301: Fixes for method 1. · gnachman/iTerm2@b2268b0

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

**Verify canary release**

*   I verified that the issue exists in the latest Next.js canary release

**Provide environment information**

    Operating System:
      Platform: darwin
      Arch: arm64
      Version: Darwin Kernel Version 22.2.0: Fri Nov 11 02:03:51 PST 2022; root:xnu-8792.61.2~4/RELEASE_ARM64_T6000
    Binaries:
      Node: 16.19.0
      npm: 9.4.0
      Yarn: 1.22.19
      pnpm: 7.26.0
    Relevant packages:
      next: 13.1.6-canary.1
      eslint-config-next: 13.1.5
      react: 18.2.0
      react-dom: 18.2.0
    

**Which area(s) of Next.js are affected? (leave empty if unsure)**

Data fetching (gS(S)P, getInitialProps)

**Link to the code that reproduces this issue**

https://github.com/muntamala/nextjs-no-cache-issue

**To Reproduce**

Run the server in production mode

    yarn
    yarn build
    yarn start
    

and navigate to http://localhost:3000/. Observer the network for example with chrome developer tools. When loading the  
static home page the app also prefetches the ssr pages json. What the response for the SSR page json is missing is  
cache-control no-cache directive. Navigating to the ssr page results in the ssr pages json being re-fetched and this time  
it does include the no-cache directive but if there would be a caching element in between like a CDN then we would not hit  
the actual api until the empty cached response expires.

**Describe the Bug**

Prefetch of data for SSR pages returning empty object without a cache-control header having no-cache directive. This can potentially cause issues with CDNs as it did in our case. For example CloudFront having a default TTL value of higher than 0, which by default is 24h, would result in the CDN caching the empty response. The empty cached response would then be served by the CDN when user navigates to the SSR page and the page tries to fetch server side props using the same URL (.../ssr.json)

The enabler for this behaviour seems to be using a middleware. If a middleware (middleware.ts) is present then the  
prefetch for pages is done separately for each page whose path is present on the page via Link component (prefetch true).

**Expected Behavior**

I'd expect next.js to behave sensibly in terms of cache control and set no-cache directive for getServerSideProps as  
stated in next.js documentation:

    If the page uses getServerSideProps or getInitialProps, it will use the default Cache-Control header set by next start
    in order to prevent accidental caching of responses that cannot be cached. If you want a different cache behavior while 
    using getServerSideProps, use res.setHeader('Cache-Control', 'value_you_prefer') inside of the function as shown above.
    

**Which browser are you using? (if relevant)**

Google Chrome 109.0.5414.119 (Official Build) (arm64)

**How are you deploying your application? (if relevant)**

yarn build, yarn start

CVE-2023-46298: Missing cache control directive for server side props response when using middleware and prefetch · Issue #45301 · vercel/next.js

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site.  IBM X-Force ID:  262482.

  

**Summary**

IBM Cognos Dashboards on Cloud Pak for Data 4.7.3 resolves vulnerabilities reported in the Node.js February 2023 (CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919) and June 2023 (CVE-2023-30588, CVE-2023-30589) Security Releases as well as vulnerabilities in Python (CVE-2023-27043) , Python Pypa setuptools (CVE-2022-40897) and Apache HttpClient (CVE-2020-13956) that could allow a remote attacker to bypass security restrictions. Additionally, a reverse tabnabbing vulnerability (CVE-2023-38735) and vulnerabilities that expose sensitive information and lead to further attacks have been resolved (CVE-2023-38275, CVE-2023-38276).

**Vulnerability Details**

**CVEID:**   CVE-2023-27043  
**DESCRIPTION:**   Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parsaddr() and email.utils.getaddresses() functions. By sending a specially-crafted e-mail addresses with a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253191 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2023-30588  
**DESCRIPTION:**   Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By accessing public key info of provided certificates from user code, an attacker could exploit this vulnerability to force interruptions of application processing and cause a denial of service.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258623 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2023-30589  
**DESCRIPTION:**   Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258624 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:**   CVE-2023-38275  
**DESCRIPTION:**   IBM Cognos Dashboards exposes sensitive information in container images which could lead to further attacks against the system.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260735 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2023-38276  
**DESCRIPTION:**   IBM Cognos Dashboards exposes sensitive information in environment variables which could aid in further attacks against the system.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260736 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2023-23918  
**DESCRIPTION:**   Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a specially-crafted request using process.mainModule.require(), an attacker could exploit this vulnerability to bypass Permissions and access non authorized modules.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247698 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

**CVEID:**   CVE-2023-23920  
**DESCRIPTION:**   Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICU\_DATA environment variable, an attacker could exploit this vulnerability to search and potentially load ICU data.  
CVSS Base score: 2.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247694 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2023-24807  
**DESCRIPTION:**   Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Headers.set() and Headers.append() methods in the fetch API. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247695 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2023-23936  
**DESCRIPTION:**   Node.js is vulnerable to CRLF injection, caused by a flaw in the fetch API. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, session hijacking, HTTP response splitting or HTTP header injection.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247696 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:**   CVE-2023-23919  
**DESCRIPTION:**   Node.js is vulnerable to a denial of service, caused by not clear the OpenSSL error stack after operations. By sending specially-crafted cryptographic operations, a remote attacker could exploit this vulnerability to cause a denial of service condition.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247697 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2020-13956  
**DESCRIPTION:**   Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2023-38735  
**DESCRIPTION:**   IBM Cognos Dashboards could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site.  
CVSS Base score: 5.7  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262482 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)

**CVEID:**   CVE-2022-40897  
**DESCRIPTION:**   Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attacker could exploit this vulnerability to cause a denial of service.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243028 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Cognos Dashboards on Cloud Pak for Data

4.7.0

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

20 Oct 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSHGYS","label":"IBM Cloud Pak for Data"},"Component":"Dashboard","Platform":\[{"code":"PF025","label":"Platform Independent"}\],"Version":"4.7.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-38735: Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system.  IBM X-Force ID:  260736.

CVE-2023-38276: IBM Cognos Dashboards on Cloud Pak for Data information disclosure CVE-2023-38276 Vulnerability Report

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system.  IBM X-Force ID:  260730.

CVE-2023-38275: IBM Cognos Dashboards information disclosure CVE-2023-38275 Vulnerability Report

Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.

**Solution**

 No fix

No patched version is available.

Skalucy discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Serial Numbers for WooCommerce – License Manager Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-46078: WordPress Serial Numbers for WooCommerce – License Manager plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

**Solution**

 No fix

No patched version is available.

Found this useful? Thank Abdi Pranata for reporting this vulnerability. Buy a coffee ☕

Abdi Pranata discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Rocket Font Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-46067: WordPress Rocket Font plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

**Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')**

CVE

CVE-2023-5205

CVSS

6.4 (Medium)

Publicly Published

October 20, 2023

Last Updated

October 21, 2023

Researcher

Francesco Carlucci  

**Description**

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add\_custom\_body\_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

**References**

*   plugins.trac.wordpress.org

**Share**

**1 affected software package**

Software Type

Plugin

Software Slug

add-custom-body-class (view on wordpress.org)

Patched?

No

Remediation

No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Affected Version

*   <= 1.4.1

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

All the threat data shared in this database is powered by **Wordfence Intelligence Enterprise**.  
Interested in integrating this data into your platform or network?  
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?  
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

CVE-2023-5205: Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wordfence Intelligence

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

Source

CVE