4 matches found
PT-2026-52656
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Lemur version 1.9.0 Description The JWT verifier in the lemur/lemur/auth/service.py component trusts the alg header field from unverified tokens and passes it directly into the pyjwt.decode function via the...
Passbolt 安全漏洞
Passbolt is an open source password manager from the French company Passbolt. A security vulnerability exists in versions prior to Passbolt 5, which stems from a server misconfiguration that could result in the sending of e-mail with an attacker-controlled HTTP Host header domain...
MGASA-2022-0289 Updated apache-mod_wsgi packages fix security vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...
Laminas Project diactoros 环境问题漏洞
Laminas Project diactoros is a PSR HTTP message implementation of Laminas Project. An environment issue vulnerability exists in Laminas Project diactoros, which can be exploited by an attacker to add a new header to laminas-dictoros via Security/x Forwarded Header...