39 matches found
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5), ca.ibodrov.mica.docker:mica-standalone (>=0.0.27 <=0.0.34) +270 more potentially affected by CVE-2026-23901 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.0.6)
org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-23901 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-15253618...
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5), ca.ibodrov.mica.docker:mica-standalone (>=0.0.27 <=0.0.34) +270 more potentially affected by CVE-2026-23903 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.0.6)
org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-23903 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-15253617...
CVE-2020-10591
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via...
ca.ibodrov.concord:repository-browser-plugin (>=1.0.0 <=1.0.1), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +19 more potentially affected by CVE-2024-9823 via org.eclipse.jetty.ee8:jetty-ee8-servlets (>=12.0.0 <=12.0.29)
org.eclipse.jetty.ee8:jetty-ee8-servlets MAVEN version =12.0.0, =1.0.0, =2.0.3, =0.0.27, =0.0.27, =2.0.20, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.38.0 and more Source cves: CVE-2024-9823 Source advisory: OSV:GHSA-J26W-F9RQ-MR2Q...
concordtoys.net Cross Site Scripting vulnerability OBB-3895387
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
concordconsulting.net Improper Access Control vulnerability OBB-3857935
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
articles.concordmonitor.com Cross Site Scripting vulnerability OBB-3848535
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ca.ibodrov.concord:testcontainers-concord-core (>=2.0.0 <=2.0.2), ca.ibodrov.mica:mica-concord-server-plugin (>=0.0.2 <=0.0.21) +496 more potentially affected by CVE-2023-46749 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.12.0)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =2.0.0, =0.0.2, =5.1.0, =5.1.0, =5.1.0, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =6.5.28, =2.2.0, =2.2.0, =2.2.0, =2.3.1 and more Source cves: CVE-2023-46749 Source advisory: OSV:GHSA-JC7H-C423-MPJC...
Malicious code in concord-console (npm)
Source: ghsa-malware 7557a87ec03b1b952655ca887ba93d78eb3e94a2674fbc2e2d2b86fae5272dc4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-204 Malicious code in concord-console (npm)
Source: ghsa-malware 7557a87ec03b1b952655ca887ba93d78eb3e94a2674fbc2e2d2b86fae5272dc4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
concord-express.de Cross Site Scripting vulnerability OBB-2802959
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +3017 more potentially affected by CVE-2022-32532 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.9.0)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.2, =1.0.0, =1.0.0, =2.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 and more Source cves: CVE-2022-32532 Source advisory: OSV:GHSA-4CF5-XMHP-3XJ7...
concordpodiatry.com Cross Site Scripting vulnerability OBB-2660901
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
concordmedspa.com Cross Site Scripting vulnerability OBB-2660896
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ai.h2o:sparkling-water-core_2.11 (>=3.32.0.1-2-2.1 <=3.36.0.2-1-2.4), ai.h2o:sparkling-water-doc_2.11 (>=3.34.0.3-1-2.2 <=3.36.0.2-1-2.4) +253 more potentially affected by CVE-2021-20218 via io.fabric8:kubernetes-client (>=4.2.0 <=4.7.1)
io.fabric8:kubernetes-client MAVEN version =4.2.0, =3.32.0.1-2-2.1, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =0.0.1, =1.9.51, =1.1.1, =7.4.1, =7.4.1play2.6, =23.1.0play2.7, =0.0.1, =0.0.1, =0.3.6, =0.2.0, =0.2.0, =0.3.9 and more Source cves: CVE-2021-20218 Source advisory: OSV:GHSA-JWH...
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +1469 more potentially affected by CVE-2016-4437 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.2.4)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =2.0.0, =0.0.2, =0.1, =0.1, =0.1, =2.1.0-RELEASE, =1.0, =1.0.3 - cn.org.awcp:awcp-formdesigner-application =1.0-RELEASE - cn.org.awcp:awcp-formdesigner-applicationImpl =1.0-RELEASE -...
ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=2.0.2) +231 more potentially affected by CVE-2017-7561 via org.jboss.resteasy:resteasy-jaxrs (=3.1.4.Final)
org.jboss.resteasy:resteasy-jaxrs MAVEN version =3.1.4.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.jboss.resteasy:resteasy-jaxrs and may be impacted: - ca.ibodrov.concord:testcontainers-concord =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.6.Fina...
ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.13), ca.vanzyl.concord:concord-k8s-server (>=0.0.1 <=0.0.10) +16 more potentially affected by CVE-2018-1051 via org.jboss.resteasy:resteasy-yaml-provider (>=3.1.0.Beta1 <=3.6.0.CR1)
org.jboss.resteasy:resteasy-yaml-provider MAVEN version =3.1.0.Beta1, =0.0.2, =0.0.1, =0.0.8, =1.18.0, =1.38.0, =1.44.0, =1.37.0, =1.44.0, =1.0.0, =1.18.0, =1.0.0, =1.0.0, =0.0.27, =0.0.11, =0.0.27, =0.0.31 and more Source cves: CVE-2018-1051 Source advisory: OSV:GHSA-M2FV-3RQM-G7P5...
Exposure of Sensitive Information to an Unauthorized Actor in Concord
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via...
ca.vanzyl.concord.plugins:ccd-plugin (>=0.0.57 <=0.0.59), ca.vanzyl.concord.plugins:concord-k8s-plugin (>=0.0.1 <=0.9.3) +69 more potentially affected by CVE-2020-10591 via com.walmartlabs.concord:concord-common (>=1.0.0 <=1.43.0)
com.walmartlabs.concord:concord-common MAVEN version =1.0.0, =0.0.57, =0.0.1, =0.0.4, =0.0.1, =1.100.0, =1.0.0, =1.17.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.100.0, =1.0.0, =1.0.0, =1.103.1 and more Source cves: CVE-2020-10591 Source advisory:...