32 matches found
CVE-2024-12580
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
CVE-2024-10366
An improper access control vulnerability IDOR exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
CVE-2024-11167 Improper Access Control in danny-avila/librechat
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user...
CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...
CVE-2024-11170 Path Traversal in danny-avila/librechat
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6...
LibreChat security vulnerability
LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A security vulnerability exists in LibreChat versions prior to 0.7.6, which stems from an unvalidated parameter and could lead to a log injection attack...
WordPress Social Sharing (by Danny) Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS)
Software: Social Sharing by Danny; Type: Plugin; Vulnerable versions: <= 1.3.7; Fixed in: 1.3.8; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9704; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 88d510b46b3a; Credits: Peter Thaleikis...
danny-adams.com Cross Site Scripting vulnerability OBB-3695109
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
What Does Fishing for Rebar Have to Do with Building a More Sustainable Internet?
Danny Lewin Community Care Days DLCCDs are a celebration of our late co-founder Danny Lewin’s generous spirit and his tenacious appetites for collaboration, innovation, and especially giving back to our global community. DLCCDs bring to life our values and empower all Akamai employees to voluntee...
CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)
Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS, which could result in information disclosure issues involving the Automox infrastructure. CVE-2021-26908 describes a vulnerability where Automox Agent improperly logs sensitive information on...
Akamai Titans 2020: Celebrating Outstanding Achievements
To Akamai's Co-Founder Danny Lewin, calling someone a "Titan" was the highest praise he would give. Danny himself was a remarkably talented and hard-working leader whose heart, passion, and spirit still inspire us. Today, Danny's accolade is used to honor those exceptional people who are known fo...
Giving Back through Danny Lewin Community Care Days
Akamai was fortunate to have Danny Lewin as a co-founder and role model for our business, our culture, and our sense of adventure and accomplishment. It was Danny who helped to instill the Big Idea that we would change the...
Ubuntu 14.04 LTS : Apache Ant vulnerability (USN-3721-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3721-1 advisory. Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially...
Fedora 27 : plexus-archiver (2018-6c55e1f79c)
Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file CVE-2018-1002200 A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attack...
plexus security update
CentOS Errata and Security Advisory CESA-2018:1836 An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: rh-maven33-plexus-archiver and rh-maven35-plexus-archiver security update
An update for rh-maven33-plexus-archiver and rh-maven35-plexus-archiver is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...