pyramid@1.4.2 vulnerabilities

The Pyramid Web Framework, a Pylons project

Direct Vulnerabilities

Known vulnerabilities in the pyramid package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Timing Attack (severity: M)

pyramid is a Python Web Framework.

Affected versions of this package are vulnerable to Timing Attack. Several timing attack vectors exist in the AuthTktCookieHelper and the SignedCookieSessionFactory as well as via CSRF tokens.

How to fix Timing Attack?

Upgrade pyramid to version 1.6a1 or higher.

Vulnerable versions: [,1.6a1)
  • Cross-site Scripting (XSS) (severity: M)

Affected versions of pyramid are vulnerable to Cross-site Scripting (XSS) attacks.

How to fix Cross-site Scripting (XSS)?

Upgrade pyramid to version 1.6a2 or higher.

Vulnerable versions: [,1.6a2)