Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2021-39139 DESCRIPTION: XStream could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By...

CVE-2021-41587

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources...

Server side request forgery (ssrf)

In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources...

Server side request forgery (ssrf)

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. Note: Software versions which have...

Open redirect in url-parse

Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior...

URIjs Vulnerable to Hostname spoofing via backslashes in URL

Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a combination of backslash \ and slash / characters as part of the scheme delimiter, e.g. scheme:///\hostname. If the hostname is used in security decisions, the decision may be incorrect...

Open Redirect in tjenkinson/url-toolkit

✍️ Description url-toolkit mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-toolkit sees it as a relative path. Which will lead to SSRF attacks, open redirects,...

XML Entity Injection Vulnerability in MySQL Connector/J

MySQL Connector/J is the official JDBC driver for the MySQL database. An XML entity injection vulnerability exists in MySQL Connector/J, which can be exploited by an attacker to read a file or launch an SSRF attack...

Open Redirect in medialize/uri.js

✍️ Description urijs mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-parse sees it as a relative path. 🕵️‍♂️ Proof of Concept 1. Create the following PoC file:...

Mitigating attacks in serverless environments

Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...

PYSEC-2021-82

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

URIjs Hostname spoofing via backslashes in URL

Impact If using affected versions to determine a URL's hostname, the hostname can be spoofed by using a backslash \ character as part of the scheme delimiter, e.g. scheme:/\hostname. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

CVE-2020-26291

A flaw was found in urijs. The hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF...

Hostname spoofing via backslashes in URL

Overview URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library...

CVE-2020-26291

URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

CVE-2020-26291

URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

Design/Logic Flaw

URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVE-2020-28735

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...

GHSA-VR8Q-G5C7-M54M Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability

Severity Nokogiri maintainers have evaluated this as Low Severity CVSS3 2.6. Description In Nokogiri versions = 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. Th...