9 matches found
curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window
Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAP_OPT_REFERRALS to LDAP_OPT_OFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...
EUVD-2024-0911
Malicious code in bioql PyPI...
CVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
GHSA-F6G6-PJGC-5CJ5 Improper Input Validation vulnerability in Apache Hop Engine
Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to th...
CVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
CVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
CVE-2024-24683 Apache Hop Engine: ID isn't escaped when generating HTML
Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
Apache Hop Engine Security Vulnerability
Apache Hop Engine is an open source data integration, data processing and workflow management platform from the Apache Foundation. A security vulnerability exists in Apache Hop Engine versions prior to 2.8.0, which stems from an improperly escaped parameter provided to the user when the Hop Serve...
PT-2024-20490 · Apache · Apache Hop Engine
Name of the Vulnerable Software and Affected Versions: Apache Hop Engine versions prior to 2.8.0 Description: The issue is related to improper input validation in the Apache Hop Engine, specifically affecting the Hop Server component. When the Hop Server writes links to the...