2 matches found
CVE-2024-6759 NFS client accepts file names containing path separators
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. The lack of validation described...
Traffic Factory: WordPress Plugin Update Confusion at trafficfactory.com
Hi, I'm currently researching a "novel" supply chain attack affecting WordPress plugins, and I believe your website might be vulnerable. The way it works is similar to a recent Dependency Confusion attack, where a malicious actor can take over internal packages unclaimed on PyPI / npm registry. I...