50 matches found
ServiceStack Input Validation Error Vulnerability
ServiceStack is an API for building high-performance web services from ServiceStack, Inc. An input validation error vulnerability exists in ServiceStack that stems from the GetErrorResponse method not properly validating user input, which could lead to an NTLM credential relay attack...
PT-2025-26619 · Unknown · Servicestack
Name of the Vulnerable Software and Affected Versions: ServiceStack (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of ServiceStack. The specific flaw exists within the implementation of the FindType method, which...
PT-2025-26618 · Unknown · Servicestack
Name of the Vulnerable Software and Affected Versions: ServiceStack (affected versions not specified). Description: This issue allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. The specific flaw exists within the implementation of the GetErrorResponse metho...
ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation o...
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation o...
CVE-2020-28042
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...
CVE-2019-1010199
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side...
GHSA-VCFC-9WCP-J623 Cross site scripting attack in ServiceStack Framework
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side...
Cross site scripting attack in ServiceStack Framework
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side...
Regular Expression Denial Of Service (ReDoS)
servicestack is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string through block.html...
Cross-Site Scripting (XSS)
servicestack is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via a malicious URL to the application...
GHSA-V5RV-HPXG-8X49 Signature validation bypass in ServiceStack
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...
Signature validation bypass in ServiceStack
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...
Signature Validation Bypass
servicestack is vulnerable to signature validation bypass. The token validation function does not check for a valid minimum length or for null in a JWT signature, allowing an attacker to bypass the signature verification...
Code injection
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...
CVE-2020-28042
ServiceStack prior to version 5.9.2 is vulnerable to a JWT signature verification bypass. The issue arises because the library mishandles signature checks unless an application uses a custom ValidateToken function that enforces a minimum signature length. Affected component is ServiceStack JWT ha...