7 matches found
PowSyBl Core 安全漏洞
PowSyBl Core is an open source software building framework for power systems from PowSyBl. A security vulnerability exists in PowSyBl Core versions prior to 6.3.0 through 6.7.2 and com.powsybl:powsybl-contingency-api versions prior to 5.0.0 through 6.3.0, which stems from a regular expression...
GHSA-RQPX-F6RC-7HM5 PowSyBl Core contains Polynomial REDoS’es
Impact What kind of vulnerability is it? Who is impacted? This is an advisory for a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. When the listNamesString regex method is called on a DataSource, the user-supplied regular...
GHSA-F5CX-H789-J959 PowSyBl Core allows deserialization of untrusted SparseMatrix data
Impact What kind of vulnerability is it? Who is impacted? This is a disclosure for a security vulnerability in the SparseMatrix class. The vulnerability is a deserialization issue that can lead to a wide range of privilege escalations depending on the circumstances. The problematic area is the re...
PowSyBl Core XML Reader allows XXE and SSRF
Impact What kind of vulnerability is it? Who is impacted? In certain places, powsybl-core XML parsing is vulnerable to an XXE attack and in on place also to an SSRF attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive...
GHSA-QPJ9-QCWX-8JV2 PowSyBl Core XML Reader allows XXE and SSRF
Impact What kind of vulnerability is it? Who is impacted? In certain places, powsybl-core XML parsing is vulnerable to an XXE attack and in on place also to an SSRF attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive...
PowSyBl Core 代码问题漏洞
PowSyBl Core is a PowSyBl open source software building framework for power systems. A code issue vulnerability exists in PowSyBl Core versions 6.3.0 through 6.7.1, which stems from a deserialization issue in the read method of the SparseMatrix class that could lead to elevation of privilege...
PowSyBl Core 安全漏洞
PowSyBl Core is a PowSyBl open source software building framework for power systems. A security vulnerability exists in PowSyBl Core versions prior to 6.7.2 that stems from XML parsing vulnerability to XML external entity attacks and server-side request forgery attacks...