181 matches found
CVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that, if exploited, allows attackers without any access to interact with the services and the post-authentication attack surface...
PT-2024-18615 · Unknown · Foxmann-Un/Unem Server
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN/UNEM server (affected versions not specified). Description: An authentication bypass issue exists in the FOXMAN-UN/UNEM server API Gateway component. This allows attackers without any access to interact with the services and the...
GHSA-99F9-GV72-FW9R Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Impacted Resources: bref/src/Event/Http/HttpResponse.php:61-90. Description: When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. Precisely, if PHP generates a response with two headers having the same key but different values, only the...
CVE-2024-24753
Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...
CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2
Bref enables serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple-value headers. If PHP generates a response with two headers having the same key but different values, only the latest one is kept. If an application relie...
CVE-2024-24753
CVE-2024-24753 concerns the Bref serverless PHP runtime on AWS Lambda. When used with API Gateway v2, Bref does not correctly handle multiple-value headers: if PHP emits two headers with the same name, only the last value is retained. This can undermine security policies that rely on multiple hea...
CVE-2023-50093
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection...
CVE-2023-50092
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS)...
Cross site scripting
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS)...
CVE-2023-50092
CVE-2023-50092 affects APIIDA API Gateway Manager for Broadcom Layer7, version 2023.2. Multiple sources describe a Cross-Site Scripting (XSS) vulnerability; PT-Security explicitly calls it a Reflective XSS. The CVSS v3.1 score is 6.1 (Medium) with network attack vector, no privileges required, us...
PT-2024-13857 · Broadcom · Apiida Api Gateway Manager
Name of the Vulnerable Software and Affected Versions: APIIDA API Gateway Manager for Broadcom Layer7 version 2023.2. Description: The APIIDA API Gateway Manager for Broadcom Layer7 is affected by a Cross Site Scripting (XSS) issue. This allows for malicious scripts to be injected into the website,...
APIIDA API Gateway Manager Security Vulnerability
APIIDA API Gateway Manager for Broadcom Layer7 is an API gateway manager for Broadcom Layer7 from APIIDA Germany. It enables fast and reliable API deployment and migration as well as comprehensive API monitoring and alerting. A security vulnerability exists in APIIDA API Gateway Manager...
CVE-2023-50093
CVE-2023-50093 affects APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 and is a Host Header Injection vulnerability. The Red Hat, NVD, and CVE listings corroborate a host header issue in APIIDA API Gateway Manager for Broadcom Layer7 2023.2.2. The issue stems from an injection vulnerabil...
Denial Of Service (DoS)
@cubejs-backend/api-gateway is vulnerable to Denial of Service (DoS). The vulnerability exists in gateway.ts, allowing an attacker to cause an application crash by submitting a crafted query...
@codefresh-io/cubejs-backend-server-core (>=0.30.77 <=0.30.83), @cubejs-backend-json-clone/server (=1.0.0) +17 more potentially affected by CVE-2023-50709 via @cubejs-backend/api-gateway (>=0.0.18 <=0.33.65)
@cubejs-backend/api-gateway NPM version =0.0.18, =0.30.77, =0.0.8, =0.0.7, =0.0.24, =0.10.0, =0.10.0, =0.32.28, =0.33.43, =0.29.4, =1.0.0, =0.27.30, =0.30.61, =0.30.64 and more Source cves: CVE-2023-50709 Source advisory: OSV:GHSA-9759-3276-G2PM...