70 matches found
Design/Logic Flaw
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
CVE-2021-41231
OpenMage LTS (Magento LTS) is affected by CVE-2021-41231. The vulnerability allows an administrator with DataFlow upload permissions and the ability to create products to execute arbitrary code via the convert profile. Affected versions are prior to 19.4.22 and 20.0.19; these versions require a p...
GHSA-H632-P764-PJQM DataFlow upload remote code execution vulnerability
Impact An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile...
OpenMage Magento LTS code issue vulnerability
Magento LTS is an e-commerce system maintained by OpenMage. A code issue vulnerability exists in OpenMage LTS versions prior to 19.4.22 and prior to 20.0.19: an administrator who has the right to upload files via DataFlow and to create products can execute arbitrary code...
PT-2023-12376 · Unknown · Openmage Lts
Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 Description: The issue allows an administrator with the permissions to upload files via DataFlow and to create products to execute arbitrary code via the convert...
This Week in Spring - November 22nd, 2022 - Spring Boot 3 and Thanksgiving edition!
Hi, Spring fans! It's Tuesday, the 22nd of November, 2022, as I write this, which means we're two days away from Spring Boot 3 and Thanksgiving. Spring Boot 3, I've written about in abundance so I won't rehash that. If you want to learn more about some of the amazing new features in Spring Framework ...
Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]
Summary Hortonworks DataFlow product for IBM has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache...
This Week in Spring - September 27th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the last week of September, already! The year's more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but I'm still excite...
This Week in Spring - August 16th, 2022
Hi, Spring fans! Welcome to another wonder-filled installment of This Week in Spring! It's been a week! Sometimes I can scarcely believe it myself. And can you believe it's August 16th already?? My daughter's starting school this week! We're in the northern hemisphere, and Summer break is already ove...
[SECURITY] Fedora 36 Update: golang-github-apache-beam-2-2.33.0~RC1-8.fc36
Apache Beam is a unified model for defining both batch and streaming data-parallel processing pipelines, as well as a set of language-specific SDKs for constructing pipelines and Runners for executing them on distributed processing backends, including Apache Flink, Apache Spark, Google Cloud...
[SECURITY] Fedora 35 Update: golang-github-apache-beam-2-2.33.0~RC1-7.fc35
Apache Beam is a unified model for defining both batch and streaming data-parallel processing pipelines, as well as a set of language-specific SDKs for constructing pipelines and Runners for executing them on distributed processing backends, including Apache Flink, Apache Spark, Google Cloud...
DSAB path traversal vulnerability
DSAB is a dataflow algorithm benchmark, designed to test the performance of various dataflow algorithms on multiple datasets in a simple way. DSAB suffers from a path traversal vulnerability that stems from the application's failure to filter special path elements in a request-supplied path before handing it to Flask's send_file function ...
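The DSAB entry above describes the usual shape of this bug: a request-supplied file name is joined onto a directory and reaches Flask's send_file with its traversal elements intact. The following is an added example, not DSAB's code and not Flask's; it puts the naive join beside a containment check that rejects any path resolving outside the base directory. The directory name BASE_DIR and the sample request values are constructed for illustration.

```python
import posixpath

# Hypothetical dataset directory; constructed for this example, not taken from DSAB.
BASE_DIR = "/srv/dsab/datasets"


def naive_download_path(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: the user-controlled name is joined onto the base
    directory and would be handed straight to send_file. '..' segments survive
    the join, and an absolute 'requested' value replaces base_dir entirely."""
    return posixpath.normpath(posixpath.join(base_dir, requested))


def safe_download_path(base_dir: str, requested: str):
    """Hardened pattern: normalise the joined path and require that the result
    still lies inside base_dir. Returns the resolved path, or None when the
    request would escape (the caller should answer 404 rather than call send_file).

    posixpath is used so the check is deterministic on any host; a real
    deployment should additionally resolve symlinks with os.path.realpath on the
    actual filesystem, which a pure string check cannot do."""
    if "\x00" in requested:          # NUL bytes truncate paths in C-level APIs
        return None
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, requested))
    if candidate == base:            # the directory itself is not a downloadable file
        return None
    if not candidate.startswith(base + "/"):
        return None                  # escaped via '..' or an absolute path
    return candidate


# Constructed request values, mixing what a normal client and an attacker might send.
REQUESTS = [
    "graph1.csv",
    "../../../etc/passwd",
    "/etc/passwd",
    "sub/../graph2.csv",
    "graph1.csv\x00.png",
]


def compare(base_dir: str = BASE_DIR):
    """Return {request: (naive_result, safe_result)} for each sample request."""
    return {r: (naive_download_path(base_dir, r), safe_download_path(base_dir, r))
            for r in REQUESTS}


if __name__ == "__main__":
    for req, (naive, safe) in compare().items():
        print(f"{req!r:28} naive -> {naive:32} safe -> {safe}")
```

The containment check deliberately accepts "sub/../graph2.csv": a ".." segment is only a problem when the normalised result leaves the base directory, so blacklisting the substring would both miss encoded variants and reject legitimate names.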
[SECURITY] Fedora 36 Update: golang-github-apache-beam-2-2.33.0~RC1-7.fc36
Apache Beam is a unified model for defining both batch and streaming data-parallel processing pipelines, as well as a set of language-specific SDKs for constructing pipelines and Runners for executing them on distributed processing backends, including Apache Flink, Apache Spark, Google Cloud...
com.mozu:mozu-api-jobs (>=1.0.13 <=1.0.23), gradle.plugin.com.atc.gradle.plugins.xd:spring-xd-deploy-plugin (>=0.0.1 <=0.0.8) +25 more potentially affected by CVE-2018-1229 via org.springframework.batch:spring-batch-admin-manager (>=1.3.0.RELEASE <=1.3.1.RELEASE)
org.springframework.batch:spring-batch-admin-manager MAVEN version =1.3.0.RELEASE, =1.0.13, =0.0.1, =1.3.1.RELEASE, =1.6.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.7.3.RELEASE -...
bigbang (>=0.0.6 <=0.0.9), bruteforus (=0.1.0) +8 more potentially affected by CVE-2020-36463 via multiqueue (=0.3.2)
multiqueue CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on multiqueue and may be impacted: - bigbang =0.0.6, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.1.6, =0.2.0, =0.5.0 Source cves: CVE-2020-36463 Source advisory:...
Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
Google on Tuesday released a new version of its Chrome web browser for Windows, Mac, and Linux with patches for two newly discovered security vulnerabilities, both of which it says are being actively exploited in the wild. One of the two flaws...