
28 matches found

Nuclei
added 11 hours ago, 98 views

OpenMetadata - Authentication Bypass

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

CVSS 9.8, AI score 7.5, EPSS 0.73255
Exploits 5, References 5
Cvelist
added 2026/06/10 5:29 p.m., 33 views

CVE-2026-50566 Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...

CVSS 9.9, EPSS 0.0029
Exploits 0, References 3
OSV
added 2026/06/03 9:37 p.m., 9 views

GHSA-CFW7-6C5V-2WJQ Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

CVSS 10, AI score 6.2, EPSS 0.00062
Exploits 0, References 2
Github Security Blog
added 2026/04/28 3:30 p.m., 8 views

Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 8.8, AI score 5.8, EPSS 0.00171
Exploits 0, References 3, Affected Software 1
OSV
added 2026/04/28 3:30 p.m., 4 views

GHSA-4G9C-3X4P-MFPP Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 4.2, AI score 5.8, EPSS 0.00171
Exploits 0, References 3
Vulnrichment
added 2026/04/28 1:42 p.m., 2 views

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 4.2, AI score 5.2, EPSS 0.00171
Exploits 0, References 1
Cvelist
added 2026/04/28 1:42 p.m., 30 views

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 4.2, EPSS 0.00171
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-1083

Malware in sbrugna...

CVSS 9, AI score 7.7, EPSS 0.03171
Exploits 0, References 31
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 4 views

Malicious code in securitycontext-paypal (npm)

The package securitycontext-paypal was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-32885 Malicious code in securitycontext-paypal (npm)

The package securitycontext-paypal was found to contain malicious code...

AI score 7.2
Exploits 0
OSSF Malicious Packages
added 2025/08/11 10:40 a.m., 5 views

Malicious code in securitycontext-model-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...

AI score 6.9
Exploits 0
OSV
added 2025/08/11 10:40 a.m., 3 views

MAL-2025-6820 Malicious code in securitycontext-model-paypal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d0f5dc5cd2ec64246a68ae3d6a8a63b03e25442841125c4fcaf8601002d97bb2 The OpenSSF Package Analysis project identified 'securitycontext-model-paypal' @ 2.2.22 npm as malicious. It is considered malicious because: -...

AI score 7.1
Exploits 0
Cvelist
added 2024/03/15 7:55 p.m., 38 views

CVE-2024-28255 Authentication Bypass in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...

CVSS 9.8, AI score 10, EPSS 0.73255
Exploits 5, References 3
Spring Security Advisories
added 2022/07/18 7:00 p.m., 32 views

Spring Security 5.8.0-M1 and 6.0.0-M6 are released

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.8.0-M1 and 6.0.0-M6 are available now. This release includes dependency upgrades, bug fixes, and enhancements. Here are a few noteworthy changes: Deferred SecurityContext lookup...

AI score 0.8
Exploits 0
Github Security Blog
added 2021/05/10 3:22 p.m., 50 views

Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 9, AI score 3, EPSS 0.03171
Exploits 0, References 19, Affected Software 2
OSV
added 2021/05/10 3:22 p.m., 0 views

GHSA-GQ28-H5VG-8PRX Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 8.8, AI score 6.9, EPSS 0.03171
Exploits 0, References 19
Tenable Nessus
added 2021/04/09 12:00 a.m., 152 views

Jenkins weekly < 2.280 Privilege Escalation

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins weekly prior to 2.280. It is, therefore, affected by a privilege escalation vulnerability due to a failure in saving the SecurityContext if it is changed more than once in a single...

CVSS 9, AI score 7.6, EPSS 0.03171
Exploits 0, References 2
Veracode
added 2021/04/06 3:21 a.m., 27 views

Privilege Escalation

spring-security-web is vulnerable to privilege escalation. The SecurityContext is not saved if it has been changed more than once in a single request, allowing a malicious user to run with elevated privileges in a small portion of the application, and subsequently may extend those privileges to t...

CVSS 8.8, AI score 3.3, EPSS 0.03171
Exploits 0, References 29, Affected Software 1
NVD
added 2021/02/23 7:15 p.m., 23 views

CVE-2021-22112

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 9, EPSS 0.03171
Exploits 0, References 15
OSV
added 2021/02/23 7:15 p.m., 25 views

CVE-2021-22112

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS 8.8, AI score 6.5, EPSS 0.03171
Exploits 0, References 15