be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0-M1 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0-M1, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799818...

GHSA-5Q86-62XR-3R57 Uses of deprecated API can be used to cause DoS in user-facing endpoints

Impact Several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. Eventsources susceptible to an out-of-memor...

Uses of deprecated API can be used to cause DoS in user-facing endpoints

Impact Several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. Eventsources susceptible to an out-of-memor...

CVE-2021-41280

Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service SNS notification token configured via the snsnotificationtoken configuration...

Command injection

Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service SNS notification token configured via the snsnotificationtoken configuration...

CVE-2021-41280

CVE-2021-41280 affects Sharetribe Go (OS configuration) where an operating system command injection is possible in affected versions that do not configure the secret SNS notification token via the sns_notification_token parameter. The issue is mitigated by upgrading to version 10.2.1, where the p...

CVE-2021-41280 OS command injection in Sharetribe Go

Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service SNS notification token configured via the snsnotificationtoken configuration...