Prisma is an open source ORM for Node.This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the getPackedPackage function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase.
Improper Neutralization in tech.pegasys.discovery:discovery.
Open Container Initiative umoci allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when umoci unpack or umoci raw unpack is used.
Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node private key is not compromised, only the session key generated to communicate with an individual …
Sidekiq allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
Nats is a Node.js client for the NATS messaging system. Problem Description Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were fully serialized and sent to the server in the client's CONNECT message, immediately after TLS establishment. …
A flaw was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
WSO2 Management Console allows XSS via the carbon/admin/login.jsp msgId parameter.
WSO2 Management Console allows XSS via the carbon/admin/login.jsp msgId parameter.
WSO2 Management Console allows XSS via the carbon/admin/login.jsp msgId parameter.
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and …
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and …
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and …
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and …
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and …
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and …
Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the request_uri parameter. CXF was not validating the request_uri parameter and was making a REST request to the parameter in the request to retrieve a token.
docsify is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character.
In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.
In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.
In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.
In Eclipse Jetty to alpha0 to alpha0 to, CPU usage can reach % upon receiving a large invalid TLS frame.
A crafted input file supplied by an attacker that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
In Eclipse Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
In Eclipse Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
In Eclipse Jetty v20210219 to v20210224, the default compliance mode allows requests with URIs that contain %2e o`` %2e%2esegments to access protected resources within the WEB-INF directory. For example a request to/context/%2e/WEB-INF/web.xmlcan retrieve theweb.xml` file. This can reveal sensitive information regarding the implementation of a web application.
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too.
In Eclipse Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
curl to and including is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
In Eclipse Jetty, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory.
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. …
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty to beta2 to beta2 to, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty to beta2 to beta2 to, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
Improper input validation of octal strings in netmask npm allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
curl to and including includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS session tickets. When using a HTTPS proxy and TLS, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use …
There's a flaw in OpenEXR's scanline input file functionality . An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
There's a flaw in OpenEXR's Scanline API functionality . An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
There's a flaw in OpenEXR's deep tile sample size calculations . An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser.
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser.
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed
If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec` function without input sanitization.
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes.
Potential for arbitrary code execution in npm package @thi.ng/egf.
Priam uses File.createTempFile, which gives the permissions on that file -rw-r–r–. An attacker with read access to the local filesystem can read anything written there by the Priam process.
Jenkins Cloud Statistics Plugin does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages.
A missing permission check in Jenkins Team Foundation Server Plugin allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
A missing permission check in Jenkins OWASP Dependency-Track Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
A missing permission check in Jenkins Team Foundation Server Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
mongo-express offers support for certain advanced syntax but implements this in an unsafe way
A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
A flaw was found in OpenEXR's B44 uncompression functionality. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2), which is used by zookeeper, there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote …
The netmask package for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of This (in some situations) allows attackers to bypass access control that is based on IP addresses.
isolated-vm has API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object. Similar application-specific attacks could …
Jenkins Build With Parameters Plugin does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin allows attackers to build a project with attacker-specified parameters.
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_proces exec function without input sanitization.
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: Download and install the latest package of reportlab Go to demos -> odyssey -> dodyssey In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> Create …
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196.
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
An issue was discovered in Pillow before 8.2.0. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with …
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with …
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with …
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with …
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with …
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
baserCMS allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.
A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in RESTEasy in all versions of RESTEasy up to Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
BuddyPress is an open source WordPress plugin to build a community site. In vulnerable releases of BuddyPress, it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint
The notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker.
The password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains.
Cross Site Scripting (XSS) vulnerability in craftcms, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Improper neutralization of JavaScript input in the page editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Improper neutralization of JavaScript input in the blog article editing function of baserCMS allows remote authenticated attackers to inject an arbitrary script via unspecified vectors.
Zetetic SQLCipher has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
The OpenID Connect server implementation for MITREid Connect contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The issue can …
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is …
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.
A NULL pointer dereference flaw was found in the way Jasper handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
A NULL pointer dereference flaw was found in the way Jasper handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is …
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the …
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a purpose has been configured then there is a …
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the …
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
It is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG.
APKLeaks allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name.
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. Besides that, UploadedFileReferenceConverter transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other …
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. Additionally, UploadedFileReferenceConverter transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct …
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default fileDenyPattern successfully blocked …
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. Additionally, UploadedFileReferenceConverter transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct …
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
The package hosted-git-info is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
XStream is a Java library to serialize objects to XML and back again. If you rely on XStream's default denylist of the Security Framework, you will have to use at least
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return.
copy-props is vulnerable to Prototype Pollution due to lack of validation in index.js.
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. Additionally, attackers can persist those files in any writable directory of the corresponding TYPO3 …
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. Besides that, attackers can persist those files in any writable directory of the corresponding …
OMERO.web before 5.9.0
OMERO.web before 5.9.0
Secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
An attacker can pre-create directories with wide permissions.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the {{wikimacrocontent}} executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has …
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem …
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information.
XStream is a Java library to serialize objects to XML and back again. In XStream, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
TYPO3 content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
Content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
Database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability.
The Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
The Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability.
Database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability.
User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.
User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - such as SQL injection in any other component of the system.
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded.
Requesting invalid or non-existing resources via HTTP, triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded.
No limitation of user agent string length supplied to regex operators.
An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
Users who are using an HTTPS proxy to issue HTTPS requests and haven't configured their own SSLContext via proxy_config. Only the default SSLContext is impacted.
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox and pri versions.
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In, email address validation is vulnerable to a denial-of-service attack where some input will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max …
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9.-]+.[a-zA-Z0-9.-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ezsystems/ezpublish-kernel.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ezsystems/ezplatform-kernel.
shescape is a simple shell escape package for JavaScript. In shescape, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched No further changes are required.
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service.As a workaround one can avoid using "aws-chunked" encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS.
A carefully crafted PDF file can trigger an infinite loop while loading a file.
Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of …
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leading to a cross-site-scripting (XSS) vulnerability.
Zen Cart d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
Kramdown does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
A flaw was found in cairo's image-compositor.c in all This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow.
This affects the package html-parse-stringify ; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Jenkins CloudBees AWS Credentials Plugin does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2
An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders.
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
Wazuh API in Wazuh from to allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not …
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp –template" and "startproject –template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
Qiita::Markdown allows XSS in transformers.
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin allows attackers to stop hypervisor domains.
ua-parser-js uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
In Apache Ambari, malicious users can construct file names for directory traversal and traverse to other directories to download files.
Prototype pollution vulnerability in patchmerge allows an attacker to cause a denial of service and may lead to remote code execution.
A flaw was found in the fabric8 kubernetes-client. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path.
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server.
The Backup functionality in Grav CMS allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.`
The BackupDelete functionality in Grav CMS allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle
When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle
The web service responsible for fetching other users' enrolled courses does not validate that the requesting user had permission to view that information in each course in moodle
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle
Gitea allows XSS via certain issue data in some situations.
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle
The Scheduler in Grav CMS allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
SpringBoot Framework is susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services and Management Node contain vulnerable versions of SpringBoot Framework.
Impact The vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources. The impact is limited to internal services that serve content via. HTTP(S), and requires the attacker to know internal hostnames/IP addresses. The previous versions …
Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession (DPoP) token binding. This vulnerability could give total and complete access to a targeted Pod.
The is-svg package for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
ssri processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
The package printf is vulnerable to Regular Expression Denial of Service.
Leptonica allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
Leptonica allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
Leptonica allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
Leptonica allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the …
In Eclipse Theia versions up to and including, in the notification messages there is no HTML escaping, so Javascript code can run.
In Eclipse Theia versions up to and including, in the notification messages there is no HTML escaping, so Javascript code can run.
msgpack5 is susceptible to prototype pollution attacks.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in shopware/platform.
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.
Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be …
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be …
JMS Client for RabbitMQ is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
In Eclipse Theia versions up to and including, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
In Eclipse Theia versions up to and including, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected.
Code injection through use of eval.
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default umask settings for the process are respected. As a result, by default, most processes/apis will create files/directories with …
When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled.
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to …
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
Leptonica allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via …
This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via …
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates.
When running on servers that are configured to accept a wildcard as a hostname (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. See the following resources for more information on Host Header Poisoning: https://portswigger.net/web-security/host-header https://dzone.com/articles/what-is-a-host-header-attack
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October, when running on poorly configured servers (i.e., the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. This has been addressed by adding a feature to allow a set of trusted hosts to be specified in the application. As …
In containerd (an industry-standard container runtime) Users should update to these versions.
It is possible to run arbitrary commands through the yaml.load() method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file.
Libjpeg-turbo is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
The default error page for VelocityView in Apache Velocity Tools reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal …
This affects the package madge It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
Prototype pollution vulnerability in changeset allows an attacker to cause a denial of service and may lead to remote code execution.
react-dev-utils exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed.
A flaw was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A flaw was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A flaw was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
A flaw was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A flaw was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A flaw was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Http2StreamFrameToHttpObjectCodec is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched Final As a workaround, the user can do the validation by themselves by implementing a custom ChannelInboundHandler that is put in the ChannelPipeline behind Http2StreamFrameToHttpObjectCodec.
The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors.
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
This affects the package jspdf ReDoS is possible via the addImage function.
What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool.
There is a race condition in OozieSharelibCLI in Apache Oozie which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.
In Pollbot, there is an open redirection vulnerability
What kind of vulnerability is it? Who is impacted? Open redirect vulnerability - a maliciously crafted link to the login form and login functionality could redirect the browser to a different website.
The package github.com/pires/go-proxyproto is vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn.
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. As a workaround, one can disable uploads with a Content-Type of multipart/form-data as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO.
A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the list of patched versions for the most appropiate one for your individual case. Workarounds Users who do not wish or are …
Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the list of patched versions for the most appropriate one for your individual case. Workarounds Users who do not wish or …
A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in keycloak The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin.
Bot Framework SDK Information Disclosure Vulnerability
A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot.
The Blog module in Kentico CMS R2 build allows SQL injection via the tagname parameter.
The activerecord-session_store (aka Active Record Session Store) component for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher
Apache Superset allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a div section and embedding in it a svg …
Apache Superset allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a div section and embedding in it a svg …
Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
A SQL injection vulnerability exists in qcubed profile.php via the strQuery parameter. This allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
A PHP object injection bug in profile.php in qcubed deserializes the untrusted data of the POST-variable strProfileData and allows an unauthenticated attacker to execute code via a crafted POST request.
A reflected cross-site scripting (XSS) vulnerability in qcubed's profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
fs-path node module is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods.
The package total.js is vulnerable to Remote Code Execution (RCE) via set.
ThinkAdmin has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
If a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend.
If a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend.
The Java client for the Datadog API before version has a local information disclosure of sensitive information downloaded via the API using the API Client.
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a blob origin that cannot access Matrix user data, so messages and secrets are not at risk.
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server.
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. it is possible.
A cross-site scripting issue was found in Apache Ambari Views.
A cross-site scripting issue was found in Apache Ambari Views.
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
Prototype pollution vulnerability in object-collider allows attacker to cause a denial of service and may lead to remote code execution.
When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
A malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers.
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.Upgrade your dependency using pip as follows pip install aiohttp.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via the Projects API. The vulnerability applies only to the Projects feature which is not enabled by default in Node-RED. The primary workaround is not give untrusted users read …
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, …
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the release. A workaround is to ensure only authorized users are able to access the editor url.
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the release. A workaround is to ensure only authorized users are able to access the editor url.
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via the Projects API. The issue has been patched in Node-RED The vulnerability applies only to the Projects feature which is not enabled by default in Node-RED. The primary …
Magento UPWARD-php An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which allows reading arbitrary files from the remote server. Access to the admin console is required for successful exploitation.
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root.
The restify-paginate package for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Apache XmlGraphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Jenkins Support Core Plugin provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
Jenkins Active Choices Plugin does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Artifact Repository Parameter Plugin does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Repository Connector Plugin does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
The Markdown Preview can be exploited to execute arbitrary code.
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin allows attackers to apply different slice configurations.
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.
An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot.
Spring Security can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the …
An out-of-bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.
A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request.
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest.
An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
This advisory has been marked as a False Positive and has been removed.
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.
All versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package.
All versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file.
All versions of package wc-cmd are vulnerable to Command Injection via the index.js file.
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file.
Smarty allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
Constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).
This advisory has been marked as a false positive.
URI.js (aka urijs) mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.
url-parse mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.
Smarty allows code injection via an unexpected function name after a {function name= substring.
An integer overflow in the PngImg::InitStorage_() function of png-img leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
The slashify package for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package for Node.js.
Jinjava allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
TweetStream uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
In voloko twitter-stream, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more //// characters
In the default configuration, Apache MyFaces Core to to to use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
The package prismjs are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.
Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
This affects the package three This can happen when handling rgb or hsl colors.
All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge.
A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class.
Opencast is a free, open-source platform to support the management of educational audio and video content.On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed.
Opencast is a free, open-source platform to support the management of educational audio and video content.On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
The package async-git are vulnerable to Command Injection via shell meta-characters (back-ticks). For example, git.reset('atouch HACKEDb')
In RPyC, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser.
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of …
In less-openui5, when processing theming resources (i.e. *.less files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process.
OpenSSL supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed …
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack could allow a rogue application to establish a secure connection.
command injection vulnerability
Centreon where an authorized user is able to inject additional SQL queries to perform remote command execution.
An issue was discovered in GNOME GLib The function g_bytes_new has an integer overflow on platforms due to an implicit cast from bits to bits. The overflow could potentially lead to memory corruption.
An issue was discovered in GNOME GLib If g_byte_array_new_take() was called with a buffer of 4GB or more on a platform, the length would be truncated modulo 2**32, causing unintended length truncation.
When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
This advisory has been marked as a false positive.
In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Magento is vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
The Host Authorization middleware in Action Pack suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a …
The Host Authorization middleware in Action Pack suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted Host header can be used to redirect to a …
The PostgreSQL adapter in Active Record suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
The get-ip-range package for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as /1) that causes resource exhaustion.
The PostgreSQL adapter in Active Record suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected.
Magento is vulnerable to SQL Injection. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation.
Magento is vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
Magento is vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
In Lucee Admin, there is an unauthenticated remote code exploit.
All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.
Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.
Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.
Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.
Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.
Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.
Keycloak suffers from an information disclosure through error messages. A logged in user can do an account email enumeration attack.
An authorization flaw was found in podman. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of …
Magento is vulnerable to Cross-Site Scripting in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.
This CVE has been marked as a False Positive and has been removed.
In next-auth there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the Email provider with the default database adapter are not impacted. Implementations using the Prisma database adapter but not using the Email provider are not impacted. The Prisma database adapter was checking the verification token, but was not verifying the email address associated with that token. …
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of update() calls with large values (multiple GBs) for symetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of buffers. This is patched in version 3.3.2 and newer.
ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (), path.resolve leaves the upper pointers intact and allows the user to move beyond the root …
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
The samba-client package for Node.js allows command injection because of the use of process.exec.
The Elastic APM agent for Go can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
Impact Generation of fake documents via public GET-call Patches We recommend to update to the current version 6.3.5.1. You can get the update to 6.3.5.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/#shopware-6 Workarounds For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659 For more …
In SCIMono, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
Adminer allows XSS via the history parameter to the default URI.
The package apexcharts are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.
Marked is an open-source markdown parser and compiler. In marked from and, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed
Marked is an open-source markdown parser and compiler. In marked from and, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is fixed
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
In CarrierWave, the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform.
A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server.
Prototype pollution vulnerability in set-or-get allows an attacker to cause a denial of service and may lead to remote code execution.
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
An OS Command Injection vulnerability was found in node-ps located on line of lib/index.js.
The macfromip package suffers from an OS Command Injection. The vulnerability is located on line macfromip.js.
sanitize-html does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass the hostname allowlist validation set by the allowedIframeHostnames option.
sanitize-html does not properly validate the hostnames set by the allowedIframeHostnames option when the allowIframeRelativeUrls is set to true, which allows attackers to bypass the hostname allow list for an iframe element.
Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in MostRecentProvider did not reauthorize the use of the key. This created the potential for keys to be used in the DynamoDB Encryption Client after permissions …
Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in MostRecentProvider did not reauthorize the use of the key. This created the potential for keys to be used in the DynamoDB Encryption Client after permissions …
An integer overflow issue exists in Godot Engine that can be triggered when loading specially crafted TGA image files.
In CarrierWave, there is a code injection vulnerability. Attackers can craft a string that can be executed as a Ruby code.
The spritesheet-js package depends on a vulnerable package platform-command. The injection point is located on line in lib/generator.js, which is triggered by main entry of the package.
In Dynamoose from and there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ.
This advisory has been marked as a false positive.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing …
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers. There is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled.
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is …
The gitlog function in src/index.ts in gitlog has a command injection vulnerability.
Stack buffer overflow vulnerability in gitea allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
An issue was discovered in October through build It reactivates an old session ID (which had been invalid after a logout) once a new login occurs.
decal is vulnerable to prototype pollution in the set function.
decal is is vulnerable to prototype pollution in the extend function.
In Eclipse Californium to, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this.
prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r–r– on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the …
When using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
When using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
The package elliptic is vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
This is a follow-up to the previous security advisory (GHSA-3p32-j457-pg5x) which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will …
This is a follow-up to the previous security advisory (GHSA-3p32-j457-pg5x) which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will …
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s has a vulnerability which can lead to a denial-of-service.
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. …
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. …
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still …
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still …
Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue.
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still …