35 matches found
EUVD-2020-30122
Malware in sbrugna...
EUVD-2022-1227
Malicious code in bioql PyPI...
EUVD-2021-8627
Malicious code in bioql PyPI...
CVE-2020-9296
Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
SRC-2022-0023 : VMWare Workspace ONE Access ClaimTransformationHelper validateClaimRuleCondition Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
This Week in Spring - May 24th, 2022
Hi, Spring fans! Im in Spain for business and not just a little pleasure. Yesterday, my partner, her mother, and I went to Formentera, Spain, a little island off of Ibiza, Spain. It was amazing. Were now in Ibiza, Spain, which is a little island not far from Barcelona, Spain, on the mainland of...
GHSA-WFJ5-2MQR-7JVV Expression Language Injection in Netflix Conductor
Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...
Expression Language Injection in Netflix Conductor
Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...
CVE-2021-21244
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation...
Input validation
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation...
CVE-2021-21244 Pre-Auth SSTI via Bean validation message tampering
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation...
PT-2021-14354 · Onedev · Onedev
Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3 Description: The issue is related to a pre-auth server side template injection via Bean validation message tampering in OneDev, an all-in-one devops platform. This was fixed in version 4.0.3 by disabling...
Theonedev Onedev 代码代码注入漏洞
Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An injection vulnerabili...
GHSA-WMFG-55F9-J8HQ Server-Side Template Injection
Impact A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution RCE vulnerability. This has been assigned CVE-2020-26282. Patches Effective Immediately, all users should upgrade ...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
Code injection
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2020-9297
CVE-2020-9297 affects Netflix Titus prior to v0.1.1-rc.274. The issue arises when building custom constraint violation messages with ConstraintValidatorContext.buildConstraintViolationWithTemplate(); an attacker could inject arbitrary data into the error message template, enabling execution of ar...