CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
EUVD-2026-9500
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
CVE-2026-26002
Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...
Open OnDemand injection vulnerability
Open OnDemand is an open-source software developed by the Ohio Supercomputer Center, designed for open-ended interactive HPC through web-based interfaces. Versions of Open OnDemand prior to 4.0.9 and 4.1.3 contained a vulnerability due to improper handling of malicious inputs by the Files...
CVE-2025-66029
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that records these headers when unsuspecting users connect to...
CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that records these headers when unsuspecting users connect to...
EUVD-2025-204011
Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that records these headers when unsuspecting users connect to...
CVE-2025-66029
Open OnDemand (prior to 4.1) is affected: the Apache proxy in 4.0.8 and earlier may pass sensitive headers to origin servers, enabling an attacker to set up an origin server on a compute node that records headers when users connect. A fix is expected in the 4.1 release; for 4.0.x workarounds exis...
Open OnDemand security vulnerability
Open OnDemand is an open source implementation of Open Interactive HPC over the Web from Ohio Supercomputer Center. A security vulnerability exists in Open OnDemand 4.0.8 and earlier versions, which originates when the Apache proxy passes sensitive headers to the origin server, potentially leadin...
PT-2025-51973
Name of the Vulnerable Software and Affected Versions: Open OnDemand versions prior to 4.1
Description: Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...
CVE-2025-62724
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading zip files to access files outside of the OOD_ALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...
CVE-2025-64185 Open OnDemand RPM packages create world writable locations
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEMPATH. Open OnDemand versions 4.0.8 and 3.1.16 have been patched for this vulnerability...
CVE-2025-62724
CVE-2025-62724 affects Open OnDemand (HPC portal). Prior to versions 4.0.8 and 3.1.16, a TOCTOU condition can be exploited during zip-file downloads to access files outside the OOD_ALLOWLIST. Impacted sites using file browser allowlists may be able to reach restricted files, though UNIX permissio...
EUVD-2025-198294
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading zip files to access files outside of the OOD_ALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...
CVE-2025-62724 Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU)
Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading zip files to access files outside of the OOD_ALLOWLIST. This vulnerability impacts sites that use the file browser allowlists in all curre...