
185 matches found

OSSF Malicious Packages
added 2022/06/09 8:52 a.m., 5 views

Malicious code in @manomano-toolbox/api-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db95524e5bf90907d13f9109419d2a10727fd9549c599cad79231ab6359745f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSV
added 2022/06/09 8:52 a.m., 8 views

MAL-2022-411 Malicious code in @manomano-toolbox/api-gateway (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db95524e5bf90907d13f9109419d2a10727fd9549c599cad79231ab6359745f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

GithubExploit
added 2022/06/08 9:52 a.m., 370 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring-Cloud-Gateway-CVE-2022-22947 Security Notice regardi...

10 CVSS, 7.9 AI score, 0.94461 EPSS
Exploits: 54

GithubExploit
added 2022/06/08 9:52 a.m., 415 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

Spring-Cloud-Gateway-CVE-2022-22947 Security Notice regardi...

10 CVSS, 7.9 AI score, 0.94461 EPSS
Exploits: 54

Github Security Blog
added 2022/05/24 4:55 p.m., 21 views

Mule modules contain Directory Traversal

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...

7.5 CVSS, 6.8 AI score, 0.00771 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2022/05/24 4:55 p.m., 18 views

GHSA-MWH9-GR45-XVV4 Mule modules contain Directory Traversal

Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway all versions released before August 1, 2019 allow remote attackers to read files accessible to the Mule process...

7.5 CVSS, 7.5 AI score, 0.00771 EPSS
Exploits: 0, References: 3

CNVD
added 2022/05/19 12:0 a.m., 11 views

Apache ShenYu Denial of Service Vulnerability

A denial-of-service vulnerability exists in Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to pass in malicious regular...

7.5 CVSS, 4.3 AI score, 0.01086 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2022/05/18 12:0 a.m., 2 views

The vulnerability of the Apache APISIX cloud API gateway, related to bypassing authentication through spoofing, allows attackers to execute arbitrary code.

The vulnerability of the Apache APISIX cloud API gateway involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS, 8.4 AI score, 0.94439 EPSS
Exploits: 16, References: 5, Affected Software: 1

IBM Security Bulletins
added 2022/05/16 5:28 p.m., 40 views

Security Bulletin: IBM DataPower Gateway API Gateway component potentially vulnerable to a Denial of Service

Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-38872 DESCRIPTION: IBM DataPower Gateway could allow a remote user to cause a denial of service by consuming resources with multiple requests. CVSS Base score: 5.3 CVSS Temporal Score: See:...

7.5 CVSS, 2.5 AI score, 0.00454 EPSS
Exploits: 0, Affected Software: 3

CNVD
added 2022/05/08 12:0 a.m., 6 views

Information Leakage Vulnerability in API Gateway Management System of Tech Data Communication Co.

Founded in 1999, Tech Data Xunfei Co., Ltd. is a well-known listed company in the Asia-Pacific region for intelligent speech and artificial intelligence. An information disclosure vulnerability exists in the API gateway management system of KDDI Corporation, which can be exploited by attackers to...

6.5 AI score
Exploits: 0

Kitploit
added 2022/04/30 12:30 p.m., 199 views

Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...

7.3 AI score
Exploits: 0, References: 3

CNVD
added 2022/04/22 12:0 a.m., 21 views

Apache Apisix Information Disclosure Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd and features dynamic routing and plugin hot-loading for API management in microservices systems. Versions prior to Apache Apisix 2.13.1 contain an information...

7.5 CVSS, 2.2 AI score, 0.35835 EPSS
Exploits: 0, References: 1

Kitploit
added 2022/04/10 12:30 p.m., 32 views

Poro - Scan Publicly Accessible Assets On Your AWS Cloud Environment

Scan for publicly accessible assets on your AWS environment. Services covered by this tool: AWS ELB, API Gateway, S3 Buckets, RDS Databases, EC2 instances, Redshift Databases. Poro also checks if a tag you specify is applied to identified public resources using --tag-key and --tag-value arguments...

7.3 AI score
Exploits: 0, References: 1

CNVD
added 2022/03/30 12:0 a.m., 18 views

Apache Apisix Input Validation Error Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd, with dynamic routing and plugin hot-loading for API management in microservices systems. An attacker could use this vulnerability to bypass the bodyschema...

9.8 CVSS, 3 AI score, 0.00424 EPSS
Exploits: 0, References: 1

CNVD
added 2022/01/27 12:0 a.m., 17 views

Apache ShenYu Access Control Error Vulnerability

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway. An access control error vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1. An attacker can exploit this vulnerability to access the /plugin API without authentication, compromising system...

9.1 CVSS, 9.1 AI score, 0.89919 EPSS
Exploits: 0, References: 1

CNVD
added 2021/12/28 12:0 a.m., 33 views

Apache Apisix Licensing Issue Vulnerability

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. An authorization issue...

9.8 CVSS, 2.9 AI score, 0.93704 EPSS
Exploits: 5, References: 1

Symantec
added 2021/12/11 1:6 a.m., 676 views

Symantec Security Advisory for Log4j Vulnerability

Summary Symantec products may be susceptible to a flaw in the Apache Log4j 2 library JNDI lookup mechanism. A remote attacker, who can trigger Log4j to log crafted malicious strings, can execute arbitrary code on the target system. Affected Products The following products and product versions are...

9.3 CVSS, 1.2 AI score, 0.94358 EPSS
Exploits: 346, Affected Software: 15

GithubExploit
added 2021/11/17 8:33 a.m., 217 views

Exploit for Improper Authentication in Apache Shenyu

Apache ShenYu Admin has a vulnerability that allows for authenti...

9.8 CVSS, 7.2 AI score, 0.93993 EPSS
Exploits: 2

CNVD
added 2021/11/17 12:0 a.m., 23 views

Apache ShenYu licensing issue vulnerability

Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation. An authorization issue vulnerability exists in Apache ShenYu Admin, which stems from a misuse of JWT in ShenuAdminBootstrap allowing an attacker to bypass authentication. No...

9.8 CVSS, 2.6 AI score, 0.93993 EPSS
Exploits: 2, References: 1

Imperva Blog
added 2021/11/08 7:41 p.m., 22 views

Best practices in WAF gateways to meet the demands of digital transformation

Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...

7.1 AI score
Exploits: 0