playwright-core is an A high-level API to automate web browsers

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via improper verification of cryptographic signatures during package installation. An attacker can impersonate trusted entities by spoofing expected servers over an adjacent network.

nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the logging extension. An attacker can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

This vulnerability is only exploitable when using the default Triton Server binary bundled in /pytriton/tritonserver/bin/tritonserver.

It is possible to update the Triton Server binary to a patched version independently of PyTriton; See Building binaries from source.

Affected versions of this package are vulnerable to Trusting HTTP Permission Methods on the Server Side via the /management/commands endpoint. An attacker can trick the user into clicking a specially crafted link, potentially leading to code execution on the target page, theft of session information, and account takeover.