25 matches found
EUVD-2021-0773
Malware in sbrugna...
EUVD-2022-7290
Malicious code in bioql PyPI...
CVE-2022-3952
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
CVE-2021-29451
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...
GHSA-925R-R6RP-2JJ7 ManyDesigns Portofino subject to creation of insecure temporary file
A vulnerability has been found in ManyDesigns Portofino 5.3.2. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address...
ManyDesigns Portofino subject to creation of insecure temporary file
A vulnerability has been found in ManyDesigns Portofino 5.3.2. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address...
CVE-2022-3952
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
CVE-2022-3952
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
Directory traversal
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
PT-2022-24976 · Manydesigns · Manydesigns Portofino
Name of the Vulnerable Software and Affected Versions: ManyDesigns Portofino version 5.3.2 Description: A vulnerability has been found in ManyDesigns Portofino, where the function createTempDir of the file WarFileLauncher.java is affected. The manipulation leads to the creation of a temporary fil...
CVE-2022-3952
Summary: CVE-2022-3952 affects ManyDesigns Portofino 5.3.2. The vulnerability is in WarFileLauncher.java:createTempDir, which allows creation of a temporary file in a directory with insecure permissions. This could lead to disclosure of sensitive data. A fix is available in Portofino 5.3.3; patch...
CVE-2022-3952 ManyDesigns Portofino WarFileLauncher.java createTempDir temp file
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
CVE-2022-3952 ManyDesigns Portofino WarFileLauncher.java createTempDir temp file
A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...
ManyDesigns Portofino 安全漏洞
ManyDesigns Portofino is a low-code tool from ManyDesigns Italy. It is used to build model-driven REST APIs and web applications. A security vulnerability exists in ManyDesigns Portofino 5.3.2, which originates in an unknown section of the WarFileLauncher.java file, and can be exploited by an...
Missing validation of JWT signature in `ManyDesigns/Portofino`
Impact Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. Patches The issue will be patched in the upcoming 5.2.1 release. For more information If you have any questions o...
com.manydesigns:demo-tt (>=5.0.0 <=5.2.0), com.manydesigns:portofino-atmosphere (>=5.0.0 <=5.0.3) +17 more potentially affected by CVE-2021-29451 via com.manydesigns:portofino-dispatcher (>=5.0.0 <=5.2.0)
com.manydesigns:portofino-dispatcher MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.2.0 and more Source cves: CVE-2021-29451 Source advisory: OSV:GHSA-6G3C-2MH5-7Q6X...
GHSA-6G3C-2MH5-7Q6X Missing validation of JWT signature in `ManyDesigns/Portofino`
Impact Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. Patches The issue will be patched in the upcoming 5.2.1 release. For more information If you have any questions o...
com.manydesigns:demo-tt (>=5.0.0 <=5.2.0), com.manydesigns:portofino-atmosphere (>=5.0.0 <=5.0.3) +16 more potentially affected by CVE-2021-29451 via com.manydesigns:portofino-core (>=5.0.0 <=5.2.0)
com.manydesigns:portofino-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.2.0 and more Source cves: CVE-2021-29451 Source advisory: OSV:GHSA-6G3C-2MH5-7Q6X...
Insecure JWT Verification
portofino-dispatcher performs insecure JWT token verification. The lack of proper JSON Web Token signature verification allows an attacker to successfully forge a JWT which would otherwise pass verification...
CVE-2021-29451
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...