[Repost] Cache poisoning in popular open source packages
Posted on: 2021-1-20 08:49

Cache poisoning in popular open source packages

Following research done by James Kettle from PortSwigger on web cache poisoning, Snyk’s Security Team decided to deepen our knowledge in this field and to explore these vulnerabilities in the open source domain. We focused our research on the most popular web frameworks both in npm and PyPI, such as Flask (Werkzeug), Bottle, Tornado, and DerbyJS.


This blog post provides an introduction to web cache poisoning and demonstrates why open source maintainers should take this issue into account. Furthermore, this blog provides vulnerability examples within well-known open source frameworks that were found to be vulnerable during Snyk’s initial research.

https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/




Last edited by linhanshi on 2021-1-20 08:49, reason:
Latest replies (2)

Local archive of the web page

Uploaded attachments:
2021-1-20 17:12
FleTime: Local archive of the web page
2021-1-20 17:14