Lucene search
+L

70 matches found

OSV
OSV
added 2024/10/02 6:30 a.m.11 views

GHSA-R2JW-C95Q-RJ29 Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references. Original Description Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encryp...

6.3CVSS6.5AI score0.0014EPSS
Exploits0References7
NVD
NVD
added 2024/10/02 5:15 a.m.12 views

CVE-2024-21530

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...

4.5CVSS0.0014EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/02 5:0 a.m.9 views

CVE-2024-21530

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...

4.5CVSS6.8AI score0.0014EPSS
Exploits0References5
OSV
OSV
added 2024/10/02 5:0 a.m.6 views

CVE-2024-21530

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...

4.5CVSS4.7AI score0.0014EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.3 views

Cocoon 安全漏洞

Cocoon is a simple and reliable security repository from the personal developer Alexander Fadeev. A security vulnerability exists in Cocoon versions prior to 0.4.0 that stems from the easy reuse of Nonce key pairs in encryption, which allows an attacker to generate the same ciphertext by creating...

4.5CVSS6.7AI score0.0014EPSS
Exploits0References6
CNVD
CNVD
added 2023/12/04 12:0 a.m.10 views

Apache Cocoon XML External Entity Injection Vulnerability

Apache Cocoon is the United States Apache Apache Foundation of a component-based Web development concepts built Web application framework. Apache Cocoon suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters ...

9.8CVSS7AI score0.01292EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/04 12:0 a.m.14 views

Apache Cocoon SQL Injection Vulnerability

Apache Cocoon is the United States Apache Apache Foundation of a component-based Web development concepts built Web application framework. Apache Cocoon suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacke...

9.8CVSS7.7AI score0.01102EPSS
Exploits0References1
Veracode
Veracode
added 2023/12/01 7:28 a.m.16 views

SQL Injection

Apache Cocoon is vulnerable to SQL Injection. The vulnerability is due to the DatabaseCookieAuthenticatorAction class improperly sanitizing parameters used in an SQL command. This issue can be exploited by an attacker by injecting malicious SQL commands resulting in SQL injection...

9.8CVSS7.5AI score0.01102EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2023/12/01 7:6 a.m.22 views

XML External Entity (XXE) Injection

Apache Cocoon is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing configuration in the StreamGenerator class, which allows an attacker to submit a malicious XML document, resulting in XXE. An attacker can exploit this flaw to read arbitrary files o...

9.8CVSS6.8AI score0.01292EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/11/30 12:30 p.m.52 views

GHSA-77JG-CPW9-73VG Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS9.4AI score0.01292EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/30 12:30 p.m.28 views

Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS9.5AI score0.01292EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/11/30 12:15 p.m.29 views

CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS0.01292EPSS
Exploits0References2
OSV
OSV
added 2023/11/30 12:15 p.m.8 views

CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS5.8AI score0.01292EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/30 11:29 a.m.29 views

CVE-2023-49733 Apache Cocoon's StreamGenerator is vulnerable to XXE injection

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.7AI score0.01292EPSS
Exploits0References2
CVE
CVE
added 2023/11/30 11:29 a.m.89 views

CVE-2023-49733

CVE-2023-49733 affects Apache Cocoon 2.2.0 up to versions before 2.3.0. It is an XML External Entity (XXE) reference vulnerability due to improper restriction, enabling potentially sensitive data exposure and other impacts as described in the sources. The recommended remediations are upgrading to...

9.8CVSS9.5AI score0.01292EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/30 9:30 a.m.25 views

Apache Cocoon SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS9.8AI score0.01102EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/11/30 9:30 a.m.25 views

GHSA-8V4W-JR33-4RH3 Apache Cocoon SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS9.7AI score0.01102EPSS
Exploits0References4
OSV
OSV
added 2023/11/30 8:15 a.m.6 views

CVE-2022-45135

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS5.8AI score0.01102EPSS
Exploits0References2
NVD
NVD
added 2023/11/30 8:15 a.m.14 views

CVE-2022-45135

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

9.8CVSS0.01102EPSS
Exploits0References2
Prion
Prion
added 2023/11/30 8:15 a.m.16 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

7.5CVSS7.8AI score0.01102EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder