19 matches found
form-data-objectizer 安全漏洞
form-data-objectizer is a form data-to-object conversion tool developed by Kasper Stöckel. Versions of form-data-objectizer prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of filtering for proto, constructor, or prototype when handling bracket notati...
CVE-2025-1243
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
EUVD-2025-2097
Malicious code in bioql PyPI...
SUSE CVE-2025-1243
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
Improper Data Encryption
Temporal api-go is vulnerable to Improper Data Encryption. The vulnerability is due to missing Data Converter transformations due to the update response information not being processed by the Data Converter when using a gRPC proxy with the api-go module, leading to unencrypted data exposure...
GHSA-Q9W6-CWJ4-GF4P Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243
Temporal api-go library prior to v1.44.1 fails to send update response data to Data Converter when used in a gRPC proxy during UpdateWorkflowExecution, causing incomplete Data Converter transformations (e.g., encryption) on the update response field. This occurs only when using the UpdateWorkflow...
api-go 安全漏洞
api-go is an interface program from temporal open source. A security vulnerability exists in api-go versions prior to 1.44.1, which stems from the use of a proxy that does not send update response messages to the Data Converter...
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
GHSA-GM2G-2XR9-PXXJ Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
Race condition
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
CVE-2023-3485 Insecure Default Authorization in Temporal Server
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
PT-2023-25032
Name of the Vulnerable Software and Affected Versions: Temporal Server versions prior to 1.20 Description: Insecure defaults in the open-source Temporal Server allow an attacker to craft a task token with access to a namespace other than the one specified in the request. This can be done outside ...
Insecure Default Initialization of Resource
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...