72 matches found
PrivateGPT 安全漏洞
PrivateGPT is an AI project. PrivateGPT has a security vulnerability that stems from a lack of secure session management implementation and a weak CORS policy, resulting in a cross-site request forgery CSRF vulnerability. An attacker could use this vulnerability to trigger a data poisoning attack...
The vulnerability of the Hitachi Ops Center Analyzer software for data analysis and analysis lies in the absence of a “Secure” flag in the HTTPS session cookies. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Hitachi Ops Center Analyzer software-related data analysis and processing programs lies in the absence of the “Secure” flag in the HTTPS session cookies. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...
Session Fixation
@festify/secure-session is vulnerable to a Session Fixation. This vulnerability is due to the session removal process where even after marking the session for deletion, an attacker could continue using it...
CVE-2024-31999
@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie
@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie
@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVE-2024-31999
The CVE-2024-31999 issue affects @festify/secure-session used with Fastify. The vulnerability arises in the session removal process: after a session is marked for deletion, an attacker who can access the cookie could continue to reuse it, effectively retaining access across requests. Public detai...
@artgenio/core (>=0.6.3 <=0.7.1), @assert-server/core (>=1.0.0 <=1.0.2) +21 more potentially affected by CVE-2024-31999 via @fastify/secure-session (>=4.1.1 <=7.1.0)
@fastify/secure-session NPM version =4.1.1, =0.6.3, =1.0.0, =1.1.2, =1.0.0, =1.0.1, =0.1.1, =0.1.0, =0.7.0, =1.0.8, =0.5.1, =0.1.4, =0.0.1, =0.0.1, =1.0.0-1, =1.0.0-3 and more Source cves: CVE-2024-31999 Source advisory: OSV:GHSA-9WWP-Q7WQ-JX35...
PT-2024-24349 · Npm · @Festify/Secure-Session
Name of the Vulnerable Software and Affected Versions: @festify/secure-session versions prior to 7.3.0 Description: The issue exists in the session removal process of @festify/secure-session. When a session is deleted, it is marked for deletion, but if an attacker gains access to the cookie, they...
Fastify 安全漏洞
Fastify is an OpenJS Foundation open source web framework for Node.js. A security vulnerability exists in Fastify secure-session versions prior to 7.3.0, which stems from a vulnerability that allows an attacker to reuse a corrupted secure-session cookie...
SUSE CVE-2024-0853
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...
CVE-2023-6482
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a...
Apache Superset < 2.1.0 Secure Session Key
The version of Apache Superset installed on the remote host is affected a potential unsecure session key vulnerability. Installations that have not altered the default configured SECRETKEY according to the installation instructions, or that use a predictable key phrase, would allow for an...
phpMyFAQ 安全漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system. An information disclosure vulnerability exists in phpMyFAQ versions prior to 3.2.2, which stems from the presence of sensitive cookies in an HTTPS session, and can be exploited by an attacker to obtain sensitive information...
CSRF token fixation in fastify-passport
The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details fastify/csrf-protection implements the synchronizer token pattern using plugins @fastify/session and @fastify/secure-session by...
memos 安全漏洞
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in versions of memos prior to 0.9.0, which stems from a sensitive cookie without security attributes in an HTTPS session...
Cross-site Scripting in bootstrap-table
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
GHSA-GRW5-G9H2-WPG8 Cross-site Scripting in bootstrap-table
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
Design/Logic Flaw
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...