11 matches found
EUVD-2023-3198
Malicious code in bioql PyPI...
EUVD-2023-3281
Malicious code in bioql PyPI...
Missing Release of Memory after Effective Lifetime
Overview: org.infinispan:infinispan-server-rest is an Infinispan Rest Server. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the REST compare API. A user can trigger an OutOfMemoryError by sending many requests with large 1 MiB POST data ...
GHSA-R4W2-HJMR-36M7 Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
GHSA-FHR7-8JX4-R9CP Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2023-3628
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2023-3629
A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
infinispan: REST bulk ops don't check permissions
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2023-3628
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2020-25711
A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. The highest threat...
infinispan: auth bypass in REST api
It was found that the REST API in infinispan did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...