Lucene search
K

19 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 3:8 p.m.15 views

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts line 59 uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call automation steps, plugin downloads,...

7.7CVSS5.5AI score0.00217EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/27 5:0 p.m.46 views

CVE-2026-48146 Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...

7.7CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 9:34 p.m.4 views

EUVD-2026-18792

Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist...

9.6CVSS5.9AI score0.00377EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0074

Malware in sbrugna...

9.1CVSS9AI score0.01257EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 p.m.20 views

CVE-2020-10594

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

9.1CVSS6.6AI score0.01257EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/23 4:48 p.m.13 views

Remote Code Execution

com.alipay.sofa:hessian is vulnerable to Remote Code Execution. The vulnerability is due to a gadget chain that bypasses the SOFA Hessian protocol's blacklist protection mechanism. This gadget chain relies solely on JDK classes and does not require any third-party components. The issue is fixed i...

9.8CVSS6.9AI score0.00678EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/01/23 6:15 p.m.46 views

CVE-2024-23636

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS9.7AI score0.00799EPSS
Exploits0References2
OSV
OSV
added 2024/01/23 5:22 p.m.37 views

CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS9.3AI score0.00799EPSS
Exploits0References4
OSV
OSV
added 2020/06/05 4:9 p.m.43 views

GHSA-FPJM-RP2G-3R4C Django Rest Framework jwt allows obtaining new token from notionally invalidated token

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

9.3CVSS9AI score0.01257EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2020/06/05 4:9 p.m.79 views

Django Rest Framework jwt allows obtaining new token from notionally invalidated token

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

9.1CVSS4.6AI score0.01257EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2020/03/17 10:39 a.m.15 views

Protection Mechanism Bypass

drfjwt is vulnerable to blacklist protection mechanism bypass. Due to lack of compatibility between a blacklist protection mechanism and token-refresh feature, the refresh endpoint allows a user with an invalidated token to get a new valid token...

9.1CVSS3.2AI score0.01257EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2020/03/17 12:0 a.m.1 views

drf-jwt Authorization Issues Vulnerability

drf-jwt is a JSON Web Token Authentication support package for the Django REST Framework. An authorization issue vulnerability exists in drf-jwt version 1.15.x prior to 1.15.1, which stems from an incompatibility between the blacklist protection mechanism and the token refresh feature, and can be...

9.1CVSS6.9AI score0.01257EPSS
Exploits0References1
Prion
Prion
added 2020/03/15 10:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

5.8CVSS8.9AI score0.01257EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/03/15 10:15 p.m.31 views

PYSEC-2020-40

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

9.1CVSS4.9AI score0.01257EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/03/15 9:22 p.m.38 views

CVE-2020-10594

An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...

9.1AI score0.01257EPSS
Exploits0References3
OSV
OSV
added 2019/03/23 6:29 p.m.29 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS9.2AI score
Exploits0References22
Hacker One
Hacker One
added 2017/12/18 8:30 p.m.42 views

Open-Xchange: SSRF - RSS feed, blacklist bypass (301 re-direct)

FYI - Tested on local installation of App Suite 7.8.4 REV 17 Hello, There appears to be another SSRF re-direct vulnerability, similar to my earlier reports that will allow scanning of the App Suite local ports or internal hosts, regardless of blacklist protection in place. The endpoint is the...

6.9AI score
Exploits0
NVD
NVD
added 2006/02/20 10:2 p.m.28 views

CVE-2006-0800

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting XSS attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in 1 the pnVarCleanFromInput function in pnAPI.php, 2 the pnSecureInput...

2.6CVSS5.7AI score0.02128EPSS
Exploits1References7
Prion
Prion
added 2006/02/20 10:2 p.m.19 views

Cross site scripting

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting XSS attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in 1 the pnVarCleanFromInput function in pnAPI.php, 2 the pnSecureInput...

2.6CVSS5.9AI score0.02128EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder