GHSA-7W54-GP8X-F33M Potential exposure of tokens to an Unauthorized Actor

Impact When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so...

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

Design/Logic Flaw

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

PT-2022-15025 · Replit · @Replit/Crosis

Name of the Vulnerable Software and Affected Versions: @replit/crosis versions prior to 7.3.1 Description: A vulnerability exists that involves exposure of sensitive information. When using the library to communicate with Replit in a standalone fashion, if there are multiple failed attempts to...

CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the...

Design/Logic Flaw

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the...

CVE-2021-44458

CVE-2021-44458 affects Lens (versions 5.2.6 and earlier). The root cause is lack of websocket authentication, allowing a malicious website to cause the victim's browser to connect to Lens and operate the local terminal, enabling arbitrary commands to be executed as the Lens user (remote code exec...

CVE-2021-44458 Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the...

Lens 访问控制错误漏洞

Lens is a distribution of the OpenLens repository that contains Team Lens-specific customizations released under a legacy EULA. An authorization issue vulnerability exists in Lens that stems from a lack of websocket authentication leading to remote code execution when accessing a malicious websit...

PT-2022-12122 · Lens · Lens

Name of the Vulnerable Software and Affected Versions: Lens versions 5.2.6 and earlier Description: The issue allows attackers to execute arbitrary commands as the Lens user by making websocket connections from the victim's browser to Lens, enabling operation of the local terminal feature, when a...

undertow: buffer leak on incoming websocket PONG message may lead to DoS

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS

A flaw was found in eventlet. If an unauthenticated user manages to send large websocket frames or highly compressed data frames that can lead to memory exhaustion. An attacker could use this flaw to cause a denial of service DoS...

STEWS - A Security Tool For Enumerating WebSockets

STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US 2021 Features STEWS provides the ability to: Discover : find WebSockets endpoints on the web by testing a list of domains Fingerprint : determine what WebSockets server is running ...

The vulnerability of the SD-WAN system “Bohatka,” related to lack of access control, allows a hacker to execute any arbitrary code on the system’s server.

The vulnerability of the SD-WAN system “Bohatka” is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the system’s server, after successful authentication via WebSocket...

The vulnerability of the SD-WAN system “Bohatka,” related to deficiencies in authentication procedures, allows attackers to bypass the authentication mechanism.

The vulnerability of the SD-WAN system “Bohatka” is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication mechanism in the WebSocket component by using a forged access token...

tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS

A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...

tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS

A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...

undertow: buffer leak on incoming websocket PONG message may lead to DoS

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...