70 matches found
GHSA-R2JW-C95Q-RJ29 Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references. Original Description Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encryp...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...
Cocoon 安全漏洞
Cocoon is a simple and reliable security repository from the personal developer Alexander Fadeev. A security vulnerability exists in Cocoon versions prior to 0.4.0 that stems from the easy reuse of Nonce key pairs in encryption, which allows an attacker to generate the same ciphertext by creating...
Apache Cocoon XML External Entity Injection Vulnerability
Apache Cocoon is the United States Apache Apache Foundation of a component-based Web development concepts built Web application framework. Apache Cocoon suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters ...
Apache Cocoon SQL Injection Vulnerability
Apache Cocoon is the United States Apache Apache Foundation of a component-based Web development concepts built Web application framework. Apache Cocoon suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacke...
SQL Injection
Apache Cocoon is vulnerable to SQL Injection. The vulnerability is due to the DatabaseCookieAuthenticatorAction class improperly sanitizing parameters used in an SQL command. This issue can be exploited by an attacker by injecting malicious SQL commands resulting in SQL injection...
XML External Entity (XXE) Injection
Apache Cocoon is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper XML parsing configuration in the StreamGenerator class, which allows an attacker to submit a malicious XML document, resulting in XXE. An attacker can exploit this flaw to read arbitrary files o...
GHSA-77JG-CPW9-73VG Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2023-49733
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2023-49733
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2023-49733 Apache Cocoon's StreamGenerator is vulnerable to XXE injection
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2023-49733
CVE-2023-49733 affects Apache Cocoon 2.2.0 up to versions before 2.3.0. It is an XML External Entity (XXE) reference vulnerability due to improper restriction, enabling potentially sensitive data exposure and other impacts as described in the sources. The recommended remediations are upgrading to...
Apache Cocoon SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
GHSA-8V4W-JR33-4RH3 Apache Cocoon SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2022-45135
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2022-45135
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...