3 matches found
GHSA-X3M8-899R-F7C3 xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in Oqtane.Controllers.UserController. Remediation Upgrade Oqtane.Framework to version 6.0.1 or higher. References - GitHub Commit - GitHub PR - Medium Blog Credit:...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to untrusted inputs which can influence algorithmically complex operations. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate...