Lucene search

635 matches found

Spring Engineering
added 2023/09/19 12:00 a.m. (23 views)

This Week in Spring - September 19th, 2023 (Java 21 Edition)

Hi, Spring fans! Welcome to another installment of This Week in Spring - Java 21 edition! The big news, indeed, the biggest news, is that Java 21 is now available here! You should use SDKMAN to install it, like this: sdk install java 21-graalce && sdk default java 21-graalce. This install gives...

AI score 6.7 | Exploits 0

OSV
added 2023/09/11 6:09 a.m. (17 views)

MAL-2023-8351 Malicious code in aliababcloud-tea-openapi (PyPI)

Per-source details (from the OSV record). Source: checkmarx (sha256 644686188e6f43d2dc595074d7644cba060e6a91b8de18713f4b551a76a6c3b7): Malicious typosquatting packages campaign targeting developers, steals cloud service credentials. Source: google-open-source-security...

AI score 7.3 | Exploits 0 | References 2
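The malicious package above is a near-miss spelling of a legitimate name (aliababcloud-tea-openapi versus alibabacloud-tea-openapi). The following is an added example, not code from OSV, Checkmarx or any package index, of the kind of pre-install check a team can run against a list of packages it actually depends on: normalise the requested name the way PyPI does (lower case, runs of `-`, `_` and `.` collapsed to `-`) and flag it if it is within a small edit distance of a known name without being that name. The `POPULAR` list is constructed sample data and the distance threshold is an assumption.

```ruby
# Added example: flag package names that are near-miss spellings of known
# packages (typosquat candidates). Not code from the OSV/Checkmarx advisory.

# Constructed sample allowlist of package names a project actually uses,
# already in PyPI-normalised form.
POPULAR = %w[alibabacloud-tea-openapi requests boto3 urllib3].freeze

# PyPI name normalisation (PEP 503): case-insensitive, and any run of
# '-', '_' or '.' is equivalent to a single '-'.
def normalize(name)
  name.downcase.gsub(/[-_.]+/, '-')
end

# Classic Levenshtein edit distance (insert, delete, substitute), O(|a|*|b|).
def levenshtein(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = cur
  end
  prev[b.length]
end

# Returns the known package that `name` appears to imitate, or nil when the
# name is either an exact (normalised) match or not close to anything known.
# max_distance is an assumed threshold; short names need a smaller one.
def typosquat_of(name, known = POPULAR, max_distance: 2)
  n = normalize(name)
  return nil if known.include?(n)
  best = known.min_by { |k| levenshtein(n, k) }
  levenshtein(n, best) <= max_distance ? best : nil
end

if __FILE__ == $PROGRAM_NAME
  %w[aliababcloud-tea-openapi alibabacloud_tea_openapi numpy].each do |req|
    hit = typosquat_of(req)
    puts "#{req}: #{hit ? "looks like a typosquat of #{hit}" : 'no near match'}"
  end
end
```

The check is a heuristic: a fixed threshold of two edits flags many legitimate short names, so in practice the threshold should shrink with name length and the verdict should only block or warn, not silently substitute the "intended" package.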
Veracode
added 2023/07/22 9:44 p.m. (31 views)

Remote Code Execution (RCE)

GitLab is vulnerable to Remote Code Execution (RCE). Because OpenAPI documents are not sandboxed, an attacker is able to deceive a user into clicking in the Swagger OpenAPI reader and issuing HTTP requests that harm the victim's account...

CVSS 9 | AI score 7.4 | EPSS 0.00247 | Exploits 0 | References 4 | Affected software 1

Veracode
added 2023/07/18 10:51 p.m. (17 views)

Directory Traversal

rswag-api is vulnerable to Directory Traversal. The vulnerability exists in the call function of middleware.rb, which allows an attacker to read arbitrary JSON and YAML files via directory traversal, because the library can expose a file that is not the project's OpenAPI or Swagger specification file...

CVSS 7.5 | AI score 6.7 | EPSS 0.00245 | Exploits 0 | References 6 | Affected software 1

OSV
added 2023/07/15 12:30 a.m. (20 views)

GHSA-VC79-65PR-Q82V rswag vulnerable to arbitrary JSON and YAML file read via directory traversal

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...

CVSS 7.5 | AI score 7.4 | EPSS 0.00245 | Exploits 0 | References 5

OSV
added 2023/07/14 10:15 p.m. (15 views)

CVE-2023-38337

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...

CVSS 7.5 | AI score 7.2 | Exploits 0 | References 2

NVD
added 2023/07/14 10:15 p.m. (9 views)

CVE-2023-38337

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...

CVSS 7.5 | EPSS 0.00245 | Exploits 0 | References 2

Prion
added 2023/07/14 10:15 p.m. (13 views)

Directory traversal

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...

CVSS 5 | AI score 7.5 | EPSS 0.00245 | Exploits 0 | References 2 | Affected software 1

CNNVD
added 2023/07/14 12:00 a.m. (1 view)

rswag path traversal vulnerability

rswag is a library from the rswag community that seamlessly adds Swagger to Rails-based projects. A security vulnerability exists in versions of rswag prior to 2.10.1, which stems from the fact that rswag-api can expose a file that is not a project's OpenAPI or Swagger specification file, leadin...

CVSS 7.5 | AI score 7.4 | EPSS 0.00245 | Exploits 0 | References 3

Cvelist
added 2023/07/14 12:00 a.m. (11 views)

CVE-2023-38337

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...

AI score 7.7 | EPSS 0.00245 | Exploits 0 | References 2

Positive Technologies
added 2023/07/14 12:00 a.m. (3 views)

PT-2023-26371 · Rswag · Rswag

Name of the Vulnerable Software and Affected Versions: rswag versions prior to 2.10.1 Description: The issue allows remote attackers to read arbitrary JSON and YAML files via directory traversal. This occurs because rswag-api can expose a file that is not the OpenAPI or Swagger specification file...

CVSS 7.5 | AI score 7.4 | EPSS 0.00245 | Exploits 0 | References 10
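The rswag entries above (Veracode, GHSA-VC79-65PR-Q82V, CVE-2023-38337 and the CNNVD and Positive Technologies records) all describe the same bug class: a Rack middleware that serves files by joining the request path onto a configured directory, so it can hand out any JSON or YAML file it can reach rather than only the project's declared spec. The following is an added illustration written for this page, not rswag's own middleware.rb or its fix: a deliberately weak middleware next to a hardened one that only serves an allowlist of declared spec paths and re-checks that the resolved path stays under the root. The directory layout, file names and the secret value are constructed sample data.

```ruby
require 'tmpdir'
require 'fileutils'
require 'pathname'

# Added illustration of the bug class behind CVE-2023-38337. Both middleware
# classes are hypothetical simplifications, not rswag code.

# Weak pattern: any JSON/YAML file reachable from the root is served, because
# the raw request path is joined onto the root with no allowlist.
class VulnerableSpecMiddleware
  def initialize(root)
    @root = root
  end

  def call(env)
    path = File.join(@root, env['PATH_INFO'])
    if File.file?(path) && path.match?(/\.(json|ya?ml)\z/i)
      [200, { 'content-type' => 'application/octet-stream' }, [File.read(path)]]
    else
      [404, {}, ['not found']]
    end
  end
end

# Hardened pattern: only paths the application declared as published specs
# are served, and the resolved path must still lie under the root.
class HardenedSpecMiddleware
  def initialize(root, allowed)
    @root = Pathname.new(root).realpath
    @allowed = allowed
  end

  def call(env)
    rel = env['PATH_INFO'].sub(%r{\A/+}, '')
    return not_found unless @allowed.include?(rel)            # allowlist first
    full = (@root + rel).cleanpath
    return not_found unless full.to_s.start_with?("#{@root}/") # defence in depth
    return not_found unless full.file?
    [200, { 'content-type' => 'application/octet-stream' }, [full.read]]
  end

  private

  def not_found
    [404, {}, ['not found']]
  end
end

# Constructed sample tree: one published spec under swagger/, and a config
# file one level up that must never be served.
def with_sample_tree
  Dir.mktmpdir do |dir|
    FileUtils.mkdir_p(File.join(dir, 'swagger', 'v1'))
    File.write(File.join(dir, 'swagger', 'v1', 'swagger.json'), '{"openapi":"3.0.0"}')
    File.write(File.join(dir, 'database.yml'), "production:\n  password: hunter2\n")
    yield dir
  end
end

# Returns the status each middleware gives a legitimate request and a
# traversal request (plain env hashes stand in for Rack), plus what leaked.
def compare_middlewares
  with_sample_tree do |dir|
    root  = File.join(dir, 'swagger')
    weak  = VulnerableSpecMiddleware.new(root)
    hard  = HardenedSpecMiddleware.new(root, ['v1/swagger.json'])
    legit = { 'PATH_INFO' => '/v1/swagger.json' }
    evil  = { 'PATH_INFO' => '/../database.yml' }
    {
      weak_legit: weak.call(legit)[0], weak_evil: weak.call(evil)[0],
      hard_legit: hard.call(legit)[0], hard_evil: hard.call(evil)[0],
      leaked: weak.call(evil)[2].join
    }
  end
end

puts compare_middlewares.inspect if __FILE__ == $PROGRAM_NAME
```

Note that the traversal segment is only one way in: a middleware with this shape also serves any JSON or YAML file that happens to live under its root directory, which is why the allowlist of declared spec paths is the primary control and the root check is the backstop.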
NVD
added 2023/06/28 3:15 p.m. (9 views)

CVE-2023-20136

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

CVSS 6.5 | AI score 5.2 | EPSS 0.00133 | Exploits 0 | References 1

Prion
added 2023/06/28 3:15 p.m. (11 views)

Design/Logic Flaw

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

CVSS 4 | AI score 6.6 | EPSS 0.00133 | Exploits 0 | References 1 | Affected software 1

CVE
added 2023/06/28 12:00 a.m. (72 views)

CVE-2023-20136

CVE-2023-20136 concerns a privilege escalation in the OpenAPI of Cisco Secure Workload. An authenticated, read-only user with valid credentials could invoke OpenAPI calls that should require Administrator privileges, enabling actions such as creating/deleting user labels due to RBAC misconfigurat...

CVSS 6.5 | AI score 6.5 | EPSS 0.00133 | Exploits 0 | References 1 | Affected software 1

Cvelist
added 2023/06/28 12:00 a.m. (10 views)

CVE-2023-20136

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

CVSS 4.3 | AI score 6.7 | EPSS 0.00133 | Exploits 0 | References 1

CNVD
added 2023/06/12 12:00 a.m. (4 views)

Cisco Secure Workload OpenAPI Elevation of Privilege Vulnerability

Cisco Secure Workload is software from Cisco that allows users to install software agents on their application workloads. A security vulnerability exists in the Cisco Secure Workload OpenAPI, which can be exploited by remote attackers to submit a special request that can be used to perform...

CVSS 6.5 | AI score 6.9 | EPSS 0.00133 | Exploits 0 | References 1

CNNVD
added 2023/06/08 12:00 a.m. (1 view)

Cisco Secure Workload security vulnerability

Cisco Secure Workload is software from Cisco that allows users to install software agents on their application workloads. A security vulnerability exists in the Cisco Secure Workload OpenAPI, which can be exploited by remote attackers to submit a special request that can be used to perform...

CVSS 6.5 | AI score 6.9 | EPSS 0.00133 | Exploits 0 | References 3

ATTACKERKB
added 2023/06/07 11:00 p.m. (1 view)

CVE-2023-20136

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

CVSS 6.5 | AI score 6.7 | EPSS 0.00133 | Exploits 0 | References 2 | Affected software 1

Cisco
added 2023/06/07 4:00 p.m. (29 views)

Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

CVSS 4.3 | AI score 6.6 | EPSS 0.00133 | Exploits 0 | References 1
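The CVE-2023-20136 records above describe the general shape of an API authorization flaw: the caller is authenticated, but a read-only role can reach operations (the CVE record mentions creating and deleting user labels) that should have required an administrator. The following is an added illustration written for this page, not Cisco's code and not a description of how Secure Workload is implemented: an API whose authorization is left to each handler, so one forgotten check is enough, next to one that looks up every operation in a central policy table and denies anything the table does not list. Operation names, users and roles are constructed.

```ruby
# Added illustration of the authorization flaw class in CVE-2023-20136.
# Hypothetical API; not Cisco's code. Users and roles are constructed data.
ROLES = { 'alice' => :admin, 'bob' => :read_only }.freeze

# Weak pattern: authentication is central, but each handler is trusted to do
# its own role check, and the POST handler forgets it.
class PerHandlerApi
  def initialize(roles)
    @roles = roles
  end

  def call(user, op)
    role = @roles[user]
    return [401, 'unauthenticated'] unless role
    case op
    when 'GET /labels'
      [200, 'labels']
    when 'DELETE /labels'
      role == :admin ? [200, 'deleted'] : [403, 'forbidden']
    when 'POST /labels'
      [200, 'created']          # missing role check: read-only users get here
    else
      [404, 'no such operation']
    end
  end
end

# Hardened pattern: a single policy table names the minimum role for every
# operation; anything not in the table is denied before any handler runs.
class PolicyApi
  RANK = { read_only: 0, admin: 1 }.freeze
  POLICY = {
    'GET /labels'    => :read_only,
    'POST /labels'   => :admin,
    'DELETE /labels' => :admin
  }.freeze

  def initialize(roles)
    @roles = roles
  end

  def call(user, op)
    role = @roles[user]
    return [401, 'unauthenticated'] unless role
    required = POLICY[op]
    return [403, 'operation not in policy'] unless required   # deny by default
    return [403, 'forbidden'] if RANK[role] < RANK[required]
    [200, 'ok']
  end
end

# Returns the status each design gives to the interesting calls so the
# difference is visible in one hash.
def compare_apis
  weak = PerHandlerApi.new(ROLES)
  hard = PolicyApi.new(ROLES)
  {
    weak_bob_create:   weak.call('bob',   'POST /labels')[0],
    weak_bob_delete:   weak.call('bob',   'DELETE /labels')[0],
    hard_bob_create:   hard.call('bob',   'POST /labels')[0],
    hard_alice_create: hard.call('alice', 'POST /labels')[0],
    hard_bob_read:     hard.call('bob',   'GET /labels')[0],
    hard_unknown_op:   hard.call('alice', 'PUT /config')[0],
    hard_anonymous:    hard.call('mallory', 'GET /labels')[0]
  }
end

puts compare_apis.inspect if __FILE__ == $PROGRAM_NAME
```

The point of the table is auditability: a reviewer can diff the policy against the published OpenAPI document and see at once which operations a read-only role may call, instead of reading every handler for a check that may or may not be there.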
vulnersOsv
added 2023/06/06 12:45 a.m. (3 views)

dk.mada.jaxrs:openapi-jaxrs-client (>=0.9.12 <=0.9.17), io.jooby:jooby-jstachio (>=3.0.0.M7 <=3.0.0.M9) +6 more potentially affected by CVE-2023-33962 via io.jstach:jstachio (>=0.10.0 <=1.0.0)

io.jstach:jstachio MAVEN version =0.10.0, =0.9.12, =3.0.0.M7, =0.6.0, =0.8.0, =0.8.0, =0.10.0, =0.10.0, =0.10.0, =1.0.0 Source cves: CVE-2023-33962 Source advisory: OSV:GHSA-GWXV-JV83-6QJR...

CVSS 6.1 | AI score 6.3 | EPSS 0.01023 | Exploits 1