19 matches found
MAL-2026-4682 Malicious code in tango-app-api-trax (npm)
Source: amazon-inspector 5c14d60a97b056e00cb3055bd07605c2f16482794e5860fee68cab46f308893d The package tarball includes a Google Cloud service-account JSON file fir-51e77-firebase-adminsdk-x3sdp-fd902b74ae.json containing a live RSA private...
EUVD-2022-2377
Malicious code in bioql PyPI...
EUVD-2022-1666
Malicious code in bioql PyPI...
CVE-2022-24871
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3...
MAL-2024-1800 Malicious code in baas-admin-sdk (npm)
Source: ghsa-malware 02b88347762e0242b4c0b151f2151585e43776a3fb5198383f4076e4bcab74d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in baas-admin-sdk (npm)
Source: ghsa-malware 02b88347762e0242b4c0b151f2151585e43776a3fb5198383f4076e4bcab74d7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-4GJJ-R7W8-42CQ Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...
Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...
GHSA-7GM7-8Q8V-9GF2 Server-Side Request Forgery (SSRF) in Shopware
Impact The attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Patches We recommend updating to the current version 6.4.10.1. You can get the update to 6.4.10.1 regularly via the Auto-Updater or directly via the download overview...
Server-Side Request Forgery (SSRF) in Shopware
Impact The attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Patches We recommend updating to the current version 6.4.10.1. You can get the update to 6.4.10.1 regularly via the Auto-Updater or directly via the download overview...
Server-side Request Forgery (SSRF)
shopware/platform is vulnerable to server-side request forgery. An attacker can read or update internal resources by sending malicious requests on behalf of the server into the admin SDK functionality...
CVE-2022-24871
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3...
Design/Logic Flaw
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3...
CVE-2022-24871 Server-Side Request Forgery (SSRF) in Shopware
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3...
CVE-2022-24871
Shopware SSRF vulnerability (CVE-2022-24871) enables an attacker to abuse the Admin SDK on the server to read or update internal resources. Affected: Shopware platform; current fix is upgrade to 6.4.10.1. For 6.1/6.2/6.3, security measures via a plugin are available. No public workaround document...
CVE-2022-24871 Server-Side Request Forgery (SSRF) in Shopware
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3...
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains an Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or fro...
CVE-2018-1000025
CVE-2018-1000025 affects Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0–3.8.0. Affected component: src/Firebase/Auth/IdTokenVerifier.php; root cause: token signature is not verified, enabling forging of JWTs with arbitrary email addresses and user IDs. Impact: improper access control via ...