2 matches found
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging configuration, an attacker can access sensitive information by exploiting the exposed logs using Keycloak as an OIDC provider clientsecret containing secret credentials...
PT-2018-18257 · None · Bleach
Name of the Vulnerable Software and Affected Versions: Bleach versions 2.1.x before 2.1.3 Description: An issue was discovered where attributes with URI values were not properly sanitized if the values contained character entities. This allowed for the construction of a URI value with a scheme th...