1248 matches found
GHSA-RQJW-P5VR-C695 Basic-auth app bundle credential exposure in gatsby-source-wordpress
Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...
Basic-auth app bundle credential exposure in gatsby-source-wordpress
Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...
CVE-2021-32770
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...
Authentication flaw
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...
CVE-2021-32770 Basic-auth app bundle credential exposure in gatsby-source-wordpress
Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...
Advisory ROSA-SA-2021-1976
Software: squid 3.5.20 OS: Cobalt 7.9 CVE-ID: CVE-2016-10003 CVE-Crit: HIGH CVE-DESC: An incorrect comparison of HTTP request headers in Squid HTTP Proxy 3.5.0.0.1-3.5.22 and 4.0.1-4.0.16 causes Collapsed Forwarding to incorrectly identify some private responses as suitable for delivery to multip...
GHSA-8CH4-58QP-G3MP Observable Timing Discrepancy in aaugustin websockets library
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
[ASA-202106-26] python-websockets: private key recovery
Arch Linux Security Advisory ASA-202106-26 ========================================== Severity: Medium Date : 2021-06-09 CVE-ID : CVE-2021-33880 Package : python-websockets Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-2040 Summary ======= The package...
SilverStripe 授权问题漏洞
SilverStripe is New Zealand SilverStripe Silverstripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . SilverStripe has an authorization issue vulnerability that stems from...
PT-2021-11213 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.6.0-rc1 Description: The issue concerns the GraphQL module in SilverStripe, which by default accepts basic-auth as an authentication method. This allows bypassing multi-factor authentication MFA if the...
Information Disclosure
websockets is vulnerable to information disclosure. The vulnerability exists due to an observable timing discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactory, allowing an attacker to guess a password via timing attack...
CVE-2021-33880
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
DEBIAN-CVE-2021-33880
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
CVE-2021-33880
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
Authentication flaw
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
PYSEC-2021-95
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
UBUNTU-CVE-2021-33880
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
PYSEC-2021-95
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
CVE-2021-33880
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...
CVE-2021-33880
The CVE-2021-33880 issue affects the aaugustin websockets library for Python, before version 9.1. It describes an Observable Timing Discrepancy when HTTP Basic Authentication is enabled (basic_auth_protocol_factory(credentials=...)), allowing an attacker to guess passwords via a timing attack. A ...