[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38

FastAPI is a modern, fast high-performance, web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: =EF=BF=BD=EF=BF=BD=EF=BF=BD Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

CVE-2023-30845

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

Authentication flaw

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

Server-side Request Forgery (SSRF)

openapi-generator is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to the improper validation in the /api/gen/clients/language path, allowing an attacker to access network resources and sensitive information via a crafted API request...

OpenAPI Generator vulnerable to Server-Side Request Forgery

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

Server-side Request Forgery (SSRF)

Overview org.openapitools:openapi-generator-online is an a Spring Boot Server application which hosts a client/server generator API. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the API endpoints /api/gen/clients/language and /api/gen/servers/framework...

GHSA-WG4W-5M5R-W3P8 OpenAPI Generator vulnerable to Server-Side Request Forgery

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

Server side request forgery (ssrf)

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

CVE-2023-27162

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery SSRF via the component /api/gen/clients/language. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request...

openapi-generator 代码问题漏洞

openapi-generator is a software application. It provides an open API interface. A security vulnerability exists in openapi-generator version v6.4.0 and earlier, which stems from the discovery of a vulnerability containing a server-side request forgery SSRF vulnerability via...

CVE-2023-27162

CVE-2023-27162 affects openapi-generator up to v6.4.0. Affected component: SSRF via /api/gen/clients/{language}, enabling an attacker to access network resources and sensitive information. CVSS v3.1 base score 9.1 (CRITICAL); attack vector network, low complexity, no privileges, no user interacti...

PT-2023-20982 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: openapi-generator versions up to v6.4.0 Description: The issue is related to a Server-Side Request Forgery SSRF in the component "/api/gen/clients/language". This allows attackers to access network resources and sensitive information via a...

This Week in Spring - March 14th, 2023

Hi, Spring fans! Happy Pi π day! And, welcome to another installment of This Week in Spring! It's pouring cats and dogs here in San Francisco! The news is talking about atmospheric rivers; I don't know what that means but I don't know that I want to find out. Anyway, all that to say: I'm glad as...

CVE-2023-23619 Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

Modelina 代码注入漏洞

Modelina is the asyncapi personal developer's library for generating data models based on input such as AsyncAPI, OpenAPI or JSON schema documents. A code injection vulnerability exists in versions of Modelina prior to 1.0.0 that stems from vulnerability to code injection attacks...

REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...

GitLab 12.6 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities

GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...

UBUNTU-CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account...