From 95cec2d81c50722abbfcd46957ab184c3c767cf3 Mon Sep 17 00:00:00 2001 From: Luca Carettoni Date: Thu, 11 Mar 2021 15:30:23 +0100 Subject: [PATCH] Update README.md --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c70ef50..63f711c 100644 --- a/README.md +++ b/README.md @@ -147,17 +147,18 @@ regexploit-csharp something.cs ``` # :trophy: Bugs reported :trophy: -* [bpo-38804: cpython's http.cookiejar](https://github.com/python/cpython/pull/17157) (Set-Cookie header parsing) * [CVE-2020-5243: uap-core](https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p) affecting uap-python, [uap-ruby](https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw), etc. (User-Agent header parsing) * [CVE-2020-8492: cpython's urllib.request](https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4) (WWW-Authenticate header parsing) * [CVE-2021-21236: CairoSVG](https://github.com/advisories/GHSA-hq37-853p-g5cf) (SVG parsing) * [CVE-2021-21240: httplib2](https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m) (WWW-Authenticate header parsing) * [CVE-2021-25292: python-pillow](https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c) (PDF parsing) * [CVE-2021-26813: python-markdown2](https://github.com/trentm/python-markdown2/pull/387) (Markdown parsing) -* [CVE-2021-27290: npm/ssri](https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2) (SRI parsing) +* [CVE-2021-27290: npm/ssri](https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf) (SRI parsing) * [CVE-2021-27291: pygments](https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14) lexers for ADL, CADL, Ceylon, Evoque, Factor, Logos, Matlab, Octave, ODIN, Scilab & Varnish VCL (Syntax highlighting) * [CVE-2021-27292: ua-parser-js](https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566) (User-Agent header parsing) * [CVE-2021-27293: RestSharp](https://github.com/restsharp/RestSharp/issues/1556) (JSON deserialisation in a .NET C# package) +* [bpo-38804: cpython's http.cookiejar](https://github.com/python/cpython/pull/17157) (Set-Cookie header parsing) +* [SimpleCrawler (archived)](https://doyensec.com/resources/Doyensec_Advisory_simplecrawler_redos.pdf) (HTML parsing) * CVE-2021-28092: to be released * Plus unpublished bugs in a handful of pypi, npm, ruby and nuget packages