EUVD-2024-0415
Malicious code in bioql PyPI...
CVE-2023-44312
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
CVE-2023-44313
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
GO-2024-2495 Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Sensitive Information Disclosure
github.com/apache/servicecomb-service-center is vulnerable to Sensitive Information Disclosure. The vulnerability allows an attacker to query all environment variables, resulting in Information Disclosure...
Server-Side Request Forgery
github.com/apache/servicecomb-service-center is vulnerable to Server-Side Request Forgery. The vulnerability is in server.go, which improperly validates user-supplied URLs or IP addresses that the service accesses for schema validation purposes. An attacker can craft a request an...
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
CVE-2023-44313
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
Design/Logic Flaw
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
CVE-2023-44313 Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
CVE-2023-44313
Apache ServiceComb Service-Center is affected by a Server-Side Request Forgery (SSRF) vulnerability. Multiple sources indicate that the flaw exists in versions before 2.1.0 (including 2.1.0) and that upgrading to 2.2.0 fixes the issue. The vulnerability allows attackers to obtain sensitive server...
CVE-2023-44312 Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
CVE-2023-44312
CVE-2023-44312 affects Apache ServiceComb Service-Center prior to 2.1.0. The documented impact is exposure of sensitive information, specifically that an attacker could query environment variables on the service-center server. The fixed version is 2.2.0 (upgrade recommended). Connected sources en...
CVE-2023-44312 Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
Apache ServiceComb Service-Center Code Issue Vulnerability
Apache ServiceComb Service-Center is a RESTful service registry from the Apache Foundation that provides microservice discovery and microservice management. A code issue vulnerability exists in Apache ServiceComb Service-Center 2.1.0 and earlier versions, which stems from a server-side...
Apache ServiceComb Service-Center Information Disclosure Vulnerability
Apache ServiceComb Service-Center is a RESTful service registry from the Apache Foundation that provides microservice discovery and microservice management. An information disclosure vulnerability exists in Apache ServiceComb Service-Center 2.1.0 and earlier versions, which stems from an...
GHSA-PX4W-RCV2-6X8X Arbitrary code execution in Apache ServiceComb java-chassis
When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions 2.0.0 through 2.1.3 and is fixed in Apache ServiceComb-Java-Chassis 2.1.5...
Apache ServiceComb Java Chassis Input Validation Error Vulnerability
Apache ServiceComb Java Chassis is a Java-based code base from the Apache Foundation that provides a complete solution for building microservices. A security vulnerability exists in Apache ServiceComb-Java-Chassis versions 2.0.0 through 2.1.3, which stems from a...
CVE-2020-17532
When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions 2.0.0 through 2.1.3 and is fixed in Apache ServiceComb-Java-Chassis 2.1.5...