Lucene search

4 matches found

OSV
added 2025/01/16 7:21 a.m., 7 views

BIT-PYTHON-MIN-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CVSS 7.5, AI score 6.1, EPSS 0.00279
Exploits: 1, References: 5

OSV
added 2024/10/03 5:14 p.m., 9 views

CVE-2024-47762 Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend

Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, were unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema...

CVSS 5.8, AI score 5.7, EPSS 0.00188
Exploits: 0, References: 4

Tenable Nessus
added 2022/03/31 12:0 a.m., 17 views

HTTP Verb Tampering

HTTP Verb Tampering is an attack that bypasses an authentication or control system that is based on the HTTP Verb. Sometimes, Web Server authentication mechanisms use verb-based authentication with access controls. Such security mechanisms include access control rules for requests with specific...

AI score 7.6
Exploits: 0, References: 1

Malwarebytes
added 2022/02/13 9:29 p.m., 24 views

Twitter cans 2FA service provider over surveillance claims

Twitter is transitioning away from its two-factor authentication (2FA) provider, Mitto AG, a Swiss communications company. The social media giant broke the news to US Senator Ron Wyden of Oregon. It is noted that Twitter's decision to move away from Mitto AG came after allegations that its...

AI score 7.6
Exploits: 0