22 matches found
EUVD-2024-0934
Malicious code in bioql PyPI...
EUVD-2024-0999
Malicious code in bioql PyPI...
CVE-2024-29886
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device...
Serverpod improved security for stored password hashes
Description Improved security for stored password hashes Serverpod now uses the OWASP, source, recommended Argon2Id password hash algorithm to store password hashes for the email authentication module. Starting from Serverpod 1.2.6 all users that either creates an account or authenticates with th...
Serverpod client accepts any certificate
This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...
GHSA-H6X7-R5RG-X5FW Serverpod client accepts any certificate
This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...
Serverpod client accepts any certificate
This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device...
CVE-2024-29886
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-29887
CVE-2024-29887 affects the Serverpod client component of Serverpod (serverpod_client), where TLS certificate validation is bypassed in non-web HTTP clients. The root cause is improper certificate validation, enabling potential man-in-the-middle attacks on encrypted traffic between client devices ...
CVE-2024-29887 Serverpod client accepts any certificate
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device...
CVE-2024-29887 Serverpod client accepts any certificate
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device...
CVE-2024-29887 Serverpod client accepts any certificate
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device...
CVE-2024-29886 Improved security for stored password hashes
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-29886
CVE-2024-29886 affects Serverpod; root cause is an outdated password hash algorithm vulnerable to rainbow attacks if the database is compromised. The issue is mitigated by upgrading to Serverpod 1.2.6, which switches to the Argon2id password hash algorithm for the email authentication module. Not...
CVE-2024-29886 Improved security for stored password hashes
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
CVE-2024-29886 Improved security for stored password hashes
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6...
Serverpod 安全漏洞
Serverpod is a web server from Serverpod open source. A security vulnerability exists in versions of Serverpod prior to 1.2.6 that stems from a vulnerability that allows an attacker to bypass the validation of TSL certificates on all non-web HTTP clients in the serverpodclient package, resulting ...
PT-2024-23110
Name of the Vulnerable Software and Affected Versions Serverpod versions prior to 1.2.6 Description The issue bypasses the validation of TSL certificates on all non-web HTTP clients in the serverpod client package, making them susceptible to a man-in-the-middle attack against encrypted traffic...