AZL-44307 CVE-2022-24999 affecting package nodejs-nodemon 2.0.3-5

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

DEBIAN-CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

UBUNTU-CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVE-2022-24999

CVE-2022-24999 affects the qs library prior to 6.10.3 used by Express before 4.17.3, enabling prototype poisoning via a[proto ] in query strings that can hang a Node process. An unauthenticated remote attacker can place the payload in the URL query. The advisory notes backported fixes to qs versi...

PT-2022-17038

Name of the Vulnerable Software and Affected Versions qs versions prior to 6.10.3 Express versions prior to 4.17.3 Description The issue allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated...

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

Cross-Site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in vendor.js due to an outdated jquery which allows an attacker to inject and execute arbitrary javascript using a specially crafted proto query string parameter...

CVE-2022-43709

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

CVE-2022-43709

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

Sql injection

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

CVE-2022-43709

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings...

USN-5697-1 barbican vulnerability

Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy...

Access Policy Bypass Via Query String Injection

openstack-barbican is vulnerable to policy bypasses. The vulnerability allows an attacker to bypass the policy via a query string when accessing the API...

GHSA-5JP2-VWRJ-99RF Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution

Impact For some Post/Put Concourse endpoint containing :teamname in the URL, a Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team. The user only needs a valid user session and belongs to...

Debian dla-3136 : barbican-api - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3136 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3136-1 [email protected] https://www.debian.org/lts/security/...

Debian DSA-5247-1 : barbican - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5247 advisory. - openstack-barbican: access policy bypass via query string injection CVE-2022-3100 Note that Nessus has not tested for this issue but has instead relied only on the...

RHEL 7 / 8 / 9 : Red Hat OpenStack Platform (openstack-barbican) (RHSA-2022:6750)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6750 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Security...