
10 matches found

CNNVD
added 2026/02/25 12:0 a.m., 4 views

zae-limiter security vulnerability

Zae-limiter is an open-source rate-limiting library by ZeroAE. Versions of Zae-limiter prior to 0.10.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that all rate-limiting buckets for a single entity shared the same DynamoDB partition key. This could lead to...

5.3 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 6:18 p.m., 5 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8 CVSS, 6.8 AI score, 0.01894 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/09/27 12:0 a.m., 3 views

Scylla Security Breach

Scylla is a ScyllaDB open source real-time big data database compatible with Apache Cassandra and Amazon DynamoDB APIs. Scylla has a security vulnerability that stems from allowing an attacker with CREATE access to elevate to higher privileges...

8.8 CVSS, 6.8 AI score, 0.00524 EPSS
Exploits: 0, References: 2
OSV
added 2022/09/15 9:20 p.m., 19 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1 CVSS, 8.1 AI score, 0.00938 EPSS
Exploits: 0, References: 5
NVD
added 2021/02/08 6:15 p.m., 11 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8 CVSS, 0.01894 EPSS
Exploits: 0, References: 4
Prion
added 2021/02/08 6:15 p.m., 11 views

Design/Logic Flaw

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

7.5 CVSS, 9.4 AI score, 0.01894 EPSS
Exploits: 0, References: 4, Affected Software: 1
vulnersOsv
added 2021/02/08 5:43 p.m., 1 views

com.nannoq:auth (>=1.0.0 <=1.1.7), com.nannoq:fcm (>=1.0.0 <=1.1.7) +6 more potentially affected by unknown CVE via com.amazonaws:aws-dynamodb-encryption-java (>=1.11.0 <=1.14.1)

com.amazonaws:aws-dynamodb-encryption-java MAVEN version =1.11.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.4, =1.0.28, =1.1.7 Source cves: unknown CVE Source advisory: OSV:GHSA-W736-HF9P-QQH3...

5.8 AI score
Exploits: 0
Cvelist
added 2021/02/08 5:40 p.m., 13 views

CVE-2021-21304 Prototype Pollution in Dynamoose

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

7.2 CVSS, 9.7 AI score, 0.01894 EPSS
Exploits: 0, References: 4
CVE
added 2021/02/08 5:40 p.m., 72 views

CVE-2021-21304

CVE-2021-21304 describes a prototype pollution vulnerability in Dynamoose, located in the internal utility method lib/utils/object/set.ts. Affected are Dynamoose versions from 2.0.0 up to 2.6.x (and v2.x beta/alpha). The vulnerability was fixed in 2.7.0. There is no evidence of exploitation rep...

9.8 CVSS, 8.2 AI score, 0.01894 EPSS
Exploits: 0, References: 4, Affected Software: 1
Carbon Black Blog
added 2019/11/20 6:0 p.m., 51 views

Taking Reputation to Scale: An Iterative Journey with an Agile Approach (Part 2)

In Part 1 of this blog, we shared with you the challenges we had in balancing latency, scalability, and cost for our reputation services. In this blog, we’ll give you some insights into each major iteration along that journey, from the beginning to where we are now. 100 requests per second. Befor...

7.4 AI score
Exploits: 0