PT-2021-4083
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 10.5 and later Description A server-side request forgery vulnerability in GitLab CE/EE allows an unauthenticated attacker to exploit the issue when requests to the internal network for webhooks are enabled. This...
[SECURITY] [DLA 2507-1] libxstream-java security update
Debian LTS Advisory DLA-2507-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 31, 2020 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb9u1 CVE ID : CVE-2020-26258 CVE-2020-26259 Debian Bug : 977625 977624 Several security...
Plone Server-Side Request Forgery Vulnerability
Plone is an open source content management system. A server-side request forgery vulnerability exists in Plone versions prior to 5.2.3. An attacker can exploit this vulnerability by backtracking to conduct server-side request forgery attacks...
Plone Code Issue Vulnerability
Plone is an open source content management system. A server-side request forgery vulnerability exists in Plone versions prior to 5.2.3. An attacker can exploit this vulnerability by backtracking to conduct server-side request forgery attacks...
Esri Arcgis Server Server-Side Request Forgery Vulnerability
Esri ArcGIS Server is an enterprise-class, web-oriented software platform from the US company Esri that can be used to provide geographic location services. A security vulnerability exists in Esri ArcGIS Server versions prior to 10.8, which stems from a configuration that does not adequately...
CVE-2020-35712
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations...
GHSA-4CCH-WXPW-8P28 Server-Side Forgery Request can be activated unmarshalling with XStream
Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...
Exploit for Server-Side Request Forgery in Cockpit-Project Cockpit
Cockpit-Project v234 - Server-Side Request Vulnerability unau...
GHSA-6R3P-FCVM-XH7C SSRF vulnerability in Apache Airflow
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable to SSRF attack...
batik: SSRF via "xlink:href"
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...
CVE-2020-26258
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
Server side request forgery (ssrf)
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
CVE-2020-26258 Server-Side Forgery Request can be activated unmarshalling with XStream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
PT-2020-12318 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 13.0.0 Description: A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request uri. This flaw allows an attacker to use this parameter to...
XStream Code Issue Vulnerability
XStream is a lightweight, easy-to-use, open source Java class library from the XStream team that is primarily used to serialize or deserialize objects into XML or JSON. XStream suffers from a code issue vulnerability that stems from a server-side request forgery vulnerability that can be activated during...
PT-2020-6136 · Thornton Rose +3 · Xstream +3
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.15 Description: The issue is related to a Server-Side Forgery Request vulnerability in XStream, a Java library used to serialize objects to XML and back again. This vulnerability can be activated when unmarshalli...
Apache Airflow Code Issue Vulnerability
Apache Airflow is an open source tool for orchestrating complex computational workflows and data processing pipelines. A server-side request forgery vulnerability exists in the Chart and Query View of the old UI in Apache Airflow versions prior to 1.10.13. No details of the vulnerability are...
Exploit for OS Command Injection in Apache Struts
CVE-2020-26259 CVE-2020-26259: XStream1.4.14 is vulnerable...
CVE-2020-26831
SAP BusinessObjects BI Platform Crystal Report, versions 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation. An attacker with basic privileges can inject some arbitrary XML entities leading to internal file...