32 matches found
EUVD-2018-11867
Malware in sbrugna...
EUVD-2022-1659
Malicious code in bioql PyPI...
CVE-2021-35475
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...
CVE-2024-52297
Tolgee (open-source localization platform) vulnerability CVE-2024-52297: in version 3.81.1, all configuration properties were exposed publicly via PublicConfigurationDTO to users. Root cause: Public exposure of configuration data. Impact: high potential disclosure risk stated in sources; fixed in...
RHEL 6 : quarkus-core (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - quarkus-core: Leak of local configuration properties into Quarkus applications CVE-2024-2700 Note that Nessus has n...
CVE-2024-31867 Apache Zeppelin: LDAP search filter query Injection Vulnerability
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes...
CVE-2024-2700
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
CVE-2024-2700 Quarkus-core: leak of local configuration properties into quarkus applications
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
Quarkus 安全漏洞
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the leakage of local configuration properties into Quarkus applications...
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Summary Grav CMS is vulnerable to a Server-Side Template Injection SSTI, which allows any authenticated user editor permissions are sufficient to execute arbitrary code on the remote server bypassing the existing security sandbox. Details The Grav CMS implements a custom sandbox to protect the...
Elasticsearch-hadoop Unsafe Deserialization
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue...
GHSA-RV74-M283-5J95 Elasticsearch-hadoop Unsafe Deserialization
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue...
CVE-2023-46674
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue...
Deserialization of untrusted data
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue...
CVE-2023-46674
CVE-2023-46674 applies to Elastic Elasticsearch-Hadoop, where unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could be modified by an authenticated user enables arbitrary code execution on the target system. The issue is triggered when a local authenticat...
Securing Spring Boot Applications With SSL
Secure Sockets Layer SSL and Transport Layer Security TLS are key components of securing communications between systems in a layered or service-oriented architecture. Spring Boot applications in such an architecture often accept incoming network connections or create outgoing connections, and...
Interesting new filters on Spring Cloud Gateway 4.0
Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...
Interesting new filters on Spring Cloud Gateway 4.0
Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...
CVE-2022-21803
A flaw was found in the nconf library when setting the configuration properties. This flaw allows an attacker to provide a crafted property, leading to prototype object pollution...
CVE-2022-21803
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...