19 matches found
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
Summary The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts line 59 uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call automation steps, plugin downloads,...
CVE-2026-48146 Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...
EUVD-2026-18792
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist...
EUVD-2020-0074
Malware in sbrugna...
CVE-2020-10594
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
Remote Code Execution
com.alipay.sofa:hessian is vulnerable to Remote Code Execution. The vulnerability is due to a gadget chain that bypasses the SOFA Hessian protocol's blacklist protection mechanism. This gadget chain relies solely on JDK classes and does not require any third-party components. The issue is fixed i...
CVE-2024-23636
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-23636 SOFARPC Remote Command Execution(RCE) Vulnerbility
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
GHSA-FPJM-RP2G-3R4C Django Rest Framework jwt allows obtaining new token from notionally invalidated token
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
Protection Mechanism Bypass
drfjwt is vulnerable to blacklist protection mechanism bypass. Due to lack of compatibility between a blacklist protection mechanism and token-refresh feature, the refresh endpoint allows a user with an invalidated token to get a new valid token...
drf-jwt Authorization Issues Vulnerability
drf-jwt is a JSON Web Token Authentication support package for the Django REST Framework. An authorization issue vulnerability exists in drf-jwt version 1.15.x prior to 1.15.1, which stems from an incompatibility between the blacklist protection mechanism and the token refresh feature, and can be...
Design/Logic Flaw
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
PYSEC-2020-40
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
CVE-2020-10594
An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notionally invalidated token to obtain a new, working token via the refresh endpoint, because the blacklist protection mechanism is incompatible with the token-refresh feature. NOTE: drf-jwt is a fork of...
CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
Open-Xchange: SSRF - RSS feed, blacklist bypass (301 re-direct)
FYI - Tested on local installation of App Suite 7.8.4 REV 17 Hello, There appears to be another SSRF re-direct vulnerability, similar to my earlier reports that will allow scanning of the App Suite local ports or internal hosts, regardless of blacklist protection in place. The endpoint is the...
CVE-2006-0800
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting XSS attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in 1 the pnVarCleanFromInput function in pnAPI.php, 2 the pnSecureInput...
Cross site scripting
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting XSS attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in 1 the pnVarCleanFromInput function in pnAPI.php, 2 the pnSecureInput...