4 matches found
GHSA-WWQH-7JM5-GJ7W free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference
Summary free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents entries supply an afAppId but NO AfRoutReq. The create path then calls...
Malicious code in shopify-app-session-storage (npm)
The package shopify-app-session-storage was found to contain malicious code...
MAL-2025-33118 Malicious code in shopify-app-session-storage-mysql (npm)
The package shopify-app-session-storage-mysql was found to contain malicious code...
CVE-2012-6141
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to 1 App::Session::Cookie or 2 App::Session::HTMLHidden, which is not properly handled when it is deserialized...