5 matches found
EUVD-2023-1966
Malicious code in bioql PyPI...
Design/Logic Flaw
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HT...
CVE-2023-37918
CVE-2023-37918 affects Dapr and describes an API-token authentication bypass in HTTP endpoints when API token authentication is enabled. The root cause involves health check endpoint allowlisting, where requests containing /healthz in the URL could bypass the dapr-api-token check and reach the Da...
CVE-2023-37918 API token authentication bypass in HTTP endpoints in Dapr
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HT...
CVE-2023-37918 API token authentication bypass in HTTP endpoints in Dapr
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HT...