Attacks and Mitigations for Distributed Governance of Agentic AI under Byzantine Adversaries

Agentic AI governance is a critical component of agentic AI infrastructure ensuring that agents follow their owner's communication and interaction policies, and providing protection against attacks from malicious agents. The state-of-the-art solution, SAGA, assumes a logically centralized point o...

VulnCheck KEV: CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

GHSA-R7V4-JWX9-WX43 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator

Background CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers IdP, focused primarily on educational and research institutions such as Universities. More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are al...

PT-2020-9918 · Apache · Apache Dubbo

Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.5.x Apache Dubbo versions 2.6.0 through 2.6.7 Apache Dubbo versions 2.7.0 through 2.7.4 Description: Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a PO...