26 matches found
EUVD-2016-9574
Malware in sbrugna...
EUVD-2022-4267
Malicious code in bioql PyPI...
EUVD-2022-3355
Malicious code in bioql PyPI...
K02405023: Apache Brooklyn vulnerability CVE-2017-3165
Security Advisory Description In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-si...
GHSA-G2HF-G7FH-VG92 Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Cross-site Scripting In Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
GHSA-J3G9-3FVV-GQFP Cross-site Scripting In Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
Deserialization of Untrusted Data in Apache Brooklyn
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
GHSA-9CQH-5X6G-WGM9 Deserialization of Untrusted Data in Apache Brooklyn
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
Apache Brooklyn Remote Code Execution Vulnerability
Apache Brooklyn is a set of frameworks from the Apache Software Foundation (United States) for deploying, monitoring and managing distributed applications. A security vulnerability exists in SnakeYAML in versions of Apache Brooklyn prior to 0.10.0. An attacker could...
Cross site scripting
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
Cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Default configuration
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
CVE-2017-3165
CVE-2017-3165 affects Apache Brooklyn before 0.10.0. The REST server is vulnerable to cross-site scripting due to improper escaping of server-side content, allowing an authenticated user to inject scripts that run in other authorized users’ browsers. PoC exploitation is noted. Public sources (inc...
CVE-2016-8744
CVE-2016-8744 affects Apache Brooklyn. The issue stems from SnakeYAML: in Brooklyn’s default configuration prior to 0.10.0, unmarshal allows any Java type on the classpath. This enables an authenticated user to cause the JVM running Brooklyn to load and execute Java code with the process’s privil...
CVE-2017-3165
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...