Critical Vulnerability: .netrc Credential Leak in PSF Requests Library

2025-06-03

A critical security vulnerability (CVE-2024-47081) has been discovered in the widely used Python Requests library. Attackers can exploit a specific API call to leak credentials stored in the .netrc file to third parties. The vulnerability stems from the library's URL handling and was reported in September 2024, but remains unpatched. As a workaround, users are advised to explicitly specify credentials on every API call.


Three Bypasses of Ubuntu's Unprivileged User Namespace Restrictions

2025-03-29

A Qualys Security Advisory details three bypasses discovered in Ubuntu 24.04's unprivileged user namespace restrictions. Attackers can leverage default tools like aa-exec and busybox, or use LD_PRELOAD to gain administrator privileges within a namespace, circumventing security measures. These exploits take advantage of AppArmor profiles that allow creating namespaces with full capabilities, potentially enabling exploitation of kernel vulnerabilities requiring privileges like CAP_SYS_ADMIN or CAP_NET_ADMIN.


Python's Official Docs Contain Textbook XSS Vulnerability

2025-02-23

Security researcher Georgi Guninski discovered a critical cross-site scripting (XSS) vulnerability in a code example within the Python 3.12 official documentation's CGI module. The vulnerability stems from directly outputting user-supplied form data without any sanitization. This poses a significant risk to Python web development and potentially impacts AI-generated code like that from ChatGPT and Deepseek. While the CGI module is removed in Python 3.13, a substantial amount of legacy code remains vulnerable.
