Latest version: v2.0.2
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2023-40587 | 60688 | Pyramid 2.0.2 includes a fix for CVE-2023-40587: A path traversal vul… | | MEDIUM | 5.3 |
CVE-2014-4671 | 32204 | pyramid before 1.6a2 isn't sanitising JSONP callbacks correctly, see … | | MEDIUM | 4.3 |
PVE-2021-32203 | 32203 | Pyramid 1.6a1 prevents timing attacks in 'AuthTktCookieHelper' and 'S… | | HIDDEN | X.Y |
PVE-2022-48337 | 48337 | Pyramid 1.6a1 prevents timing attacks against CSRF tokens. https://g… | | HIDDEN | X.Y |
PVE-2021-32201 | 32201 | In pyramid 1.4a4 the ``pyramid.authentication.AuthTktAuthenticationPo… | | - | - |
PVE-2021-32688 | 32688 | The AuthTktAuthenticationPolicy in pyramid before 1.3a1 did not use a… | | HIDDEN | X.Y |
PVE-2021-32194 | 32194 | The default Mako renderer in pyramid 1.1a1 is configured to escape al… | | HIDDEN | X.Y |
PVE-2021-32685 | 32685 | In pyramid before 1.0a3, the pylons_* paster template used the same s… | | HIDDEN | X.Y |
PVE-2021-32184 | 32184 | Pyramid 0.4.2 changes the default paster template generator to use ``… | | - | - |