Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

PT-2024-19412 · Unknown · Jupyter Server +1

Name of the Vulnerable Software and Affected Versions: JupyterLab versions prior to 4.1.0b2 JupyterLab versions prior to 4.0.11 JupyterLab versions prior to 3.6.7 jupyter-server versions prior to 2.7.2 Description: JupyterLab is an extensible environment for interactive and reproducible computing...