26 matches found
EUVD-2016-9574
Malware in sbrugna...
EUVD-2022-4267
Malicious code in bioql PyPI...
EUVD-2022-3355
Malicious code in bioql PyPI...
K02405023: Apache Brooklyn vulnerability CVE-2017-3165
Security Advisory Description: In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-si...
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
GHSA-G2HF-G7FH-VG92 Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
GHSA-J3G9-3FVV-GQFP Cross-site Scripting In Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
Cross-site Scripting In Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
GHSA-9CQH-5X6G-WGM9 Deserialization of Untrusted Data in Apache Brooklyn
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
Deserialization of Untrusted Data in Apache Brooklyn
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
Apache Brooklyn Remote Code Execution Vulnerability
Apache Brooklyn is a set of frameworks from the Apache Software Foundation (United States) for deploying and managing distributed applications by monitoring and managing applications. A security vulnerability exists in SnakeYAML in versions of Apache Brooklyn prior to 0.10.0. An attacker could...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Cross site scripting
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
Cross site request forgery (csrf)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Default configuration
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
CVE-2017-3165
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
CVE-2016-8737
In Apache Brooklyn, before version 0.10.0, the REST server is vulnerable to CSRF, allowing a malicious site to cause the user’s Brooklyn server to execute attacker commands via a forged request. A PoC exists per the CVE description. Several connected advisories document affected components and pr...
CVE-2017-3165
CVE-2017-3165 affects Apache Brooklyn before 0.10.0. The REST server is vulnerable to cross-site scripting due to improper escaping of server-side content, allowing an authenticated user to inject scripts that run in other authorized users’ browsers. PoC exploitation is noted. Public sources (inc...