25 matches found
EUVD-2022-3385
Malicious code in bioql PyPI...
CVE-2019-6035
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.4) +3 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.4)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.4 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.3), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.1.0 <=3.1.3) +2 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.3)
org.apache.pulsar:pulsar-broker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.3 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
org.apache.pulsar:pulsar-broker-auth-athenz (>=3.2.0 <=3.2.1), org.apache.pulsar:pulsar-broker-auth-sasl (>=3.2.0 <=3.2.1) +2 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=3.2.0 <=3.2.1)
org.apache.pulsar:pulsar-broker MAVEN version =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.1 Source cves: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.3) +3 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-28098 Source advisory: OSV:GHSA-G627-R579-RW35...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.3) +4 more potentially affected by CVE-2024-27894 via org.apache.pulsar:pulsar-functions-worker (>=2.11.0 <=2.11.3)
org.apache.pulsar:pulsar-functions-worker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 Source cves: CVE-2024-27894 Source advisory: OSV:GHSA-C2X9-VW5H-39VC...
org.apache.pulsar:pulsar-broker-auth-athenz (=3.2.0), org.apache.pulsar:pulsar-broker-auth-sasl (=3.2.0) +2 more potentially affected by CVE-2024-28098 via org.apache.pulsar:pulsar-broker (=3.2.0)
org.apache.pulsar:pulsar-broker MAVEN version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - org.apache.pulsar:pulsar-broker-auth-athenz =3.2.0 - org.apache.pulsar:pulsar-broker-auth-sasl...
org.apache.pulsar:pulsar-broker (>=3.1.0 <=3.1.2), org.apache.pulsar:pulsar-broker-auth-athenz (>=3.1.0 <=3.1.2) +3 more potentially affected by CVE-2024-27317 via org.apache.pulsar:pulsar-functions-worker (>=3.1.0 <=3.1.2)
org.apache.pulsar:pulsar-functions-worker MAVEN version =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.2 Source cves: CVE-2024-27317 Source advisory: OSV:GHSA-JG2G-4RJG-CMQH...
app.cash.backfila:client-misk (>=2023.12.01.210510-f61f157 <=2025.09.02.174848-7b27340), app.cash.backfila:client-misk-hibernate (>=2023.12.01.210510-f61f157 <=2025.01.16.180443-b0fbc31) +1597 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.72)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =4.8.3, =1.4.0, =8.1.0.563, =1.1, =1.0.0, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.7.12 and more Source cves: CVE-2023-3320...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-30428 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-31007 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
com.clever-cloud:biscuit-pulsar (>=2.2.2 <=2.3.0), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.8.0 <=2.8.3) +3 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-broker (>=2.8.0 <=2.8.3)
org.apache.pulsar:pulsar-broker MAVEN version =2.8.0, =2.2.2, =2.8.0, =2.8.0, =2.8.0, =2.8.0, =2.8.3 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
com.clever-cloud:biscuit-pulsar (>=2.3.2 <=3.2.0), com.github.shoothzj:test-pulsar (>=3.1.7 <=3.1.11) +4 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-broker (>=2.9.0 <=2.9.2)
org.apache.pulsar:pulsar-broker MAVEN version =2.9.0, =2.3.2, =3.1.7, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
GHSA-9HG5-7HWC-V434 Athenz vulnerable to Open Redirect
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page...
Athenz vulnerable to Open Redirect
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page...
Weak Cryptography Hash
github.com/yahoo/athenz uses weak cryptographic hashes. The KeyRefresher uses the MD5 hash algorithm, which has been cryptographically broken, and hence cannot be used to guarantee data integrity...
Athenz Input Validation Error Vulnerability
Athenz is an open source authentication and authorization platform. The platform is mainly used for X.509 certificate-based service authentication and access control based on fine-grained roles in dynamic infrastructures. An input validation error vulnerability exists in Athenz v1.8.24 and earlie...
CVE-2019-6035
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page...
CVE-2019-6035
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page...