541 matches found

OSV
added 2023/10/10 2:15 p.m. · 2 views

AZL-35441 CVE-2023-44487 affecting package docker-compose for versions less than 2.27.0-1

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 · AI score 6.7 · EPSS 0.9439
Exploits: 19 · References: 1
Kitploit
added 2023/10/10 11:30 a.m. · 40 views

Sirius - First Truly Open-Source General Purpose Vulnerability Scanner

Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...

AI score 7.2
Exploits: 0 · References: 1
Spring Engineering
added 2023/08/29 12:0 a.m. · 15 views

My SpringOne 2023 Recap

Hi, Spring fans! Look, it's Monday after the first in-person SpringOne of the 2020s and the first since the pandemic, and, being honest, I'm bushed! Vegas is a dizzying, sensational, overwhelming, exciting experience, and SpringOne is too. But it was worth it. The SpringOne show surpassed all...

AI score 6.5
Exploits: 0
Positive Technologies
added 2023/08/24 12:0 a.m. · 2 views

PT-2023-23589

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5. Description: An Insecure Direct Object Reference (IDOR) vulnerability was found in the user update function, allowing an attacker to update another user's password by...

CVSS 7.5 · AI score 7 · EPSS 0.0022
Exploits: 0 · References: 11
Kitploit
added 2023/08/06 12:30 p.m. · 43 views

AiCEF - An AI-assisted cyber exercise content generation framework using named entity recognition

AiCEF is a tool implementing the accompanying framework [1] in order to harness the intelligence that is available from online resources, as well as threat groups' activities, arsenal (e.g. MITRE), to create relevant and timely cybersecurity exercise content. This way, we abstract the events from the...

AI score 6.9
Exploits: 0 · References: 6
GithubExploit
added 2023/07/21 12:55 p.m. · 349 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

CVSS 8.8 · AI score 8.9 · EPSS 0.93305
Exploits: 2
CNNVD
added 2023/07/13 12:0 a.m. · 1 views

Auto-GPT Code Injection Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A code injection vulnerability exists in Auto-GPT versions prior to 0.4.3, which stems from a docker-compose.yml file located in the repository root directory that installs itself into a docker...

CVSS 8.8 · AI score 8 · EPSS 0.00053
Exploits: 0 · References: 3
Positive Technologies
added 2023/07/13 12:0 a.m. · 3 views

PT-2023-25876 · Autogpt · Autogpt

Name of the Vulnerable Software and Affected Versions: Auto-GPT versions prior to 0.4.3 Description: The issue arises from the use of a different docker-compose.yml file when running Auto-GPT by cloning the git repo and executing docker compose run auto-gpt in the repo root. This file mounts itse...

CVSS 8.8 · AI score 8.9 · EPSS 0.00053
Exploits: 0 · References: 4
NVD
added 2023/07/03 5:15 p.m. · 14 views

CVE-2023-36816

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 6.1 · AI score 6.3 · EPSS 0.00538
Exploits: 1 · References: 2
Prion
added 2023/07/03 5:15 p.m. · 21 views

Cross site scripting

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 5.8 · AI score 6.3 · EPSS 0.00538
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2023/07/03 4:12 p.m. · 30 views

CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 6.1 · AI score 6.1 · EPSS 0.00538
Exploits: 1 · References: 4
Cvelist
added 2023/07/03 4:12 p.m. · 15 views

CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 6.1 · AI score 6.5 · EPSS 0.00538
Exploits: 1 · References: 2
Vulnrichment
added 2023/07/03 4:12 p.m. · 12 views

CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross site scripting (XSS) injection can be done via the account/service field. This was tested in docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 6.1 · AI score 6.6 · EPSS 0.00538
Exploits: 1 · References: 2
Photon
added 2023/06/30 12:0 a.m. · 64 views

Critical Photon OS Security Update - PHSA-2023-4.0-0417

Updates of 'ntp', 'kube-bench', 'libXi', 'protobuf', 'bindutils', 'libarchive', 'docker-compose', 'libtiff', 'binutils-aarch64-linux-gnu', 'nodejs', 'samba-client', 'binutils' packages of Photon OS have been released...

CVSS 7.1 · AI score 6.3 · EPSS 0.00681
Exploits: 12
Spring Engineering
added 2023/06/27 12:0 a.m. · 14 views

This Week in Spring - June 27th, 2023

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I am in Seoul talking to developers about the latest-and-greatest in Spring Boot 3! There's so much great stuff coming, and so much great stuff already. There are a few things I'm super excited about. First, yesterda...

AI score 6.5
Exploits: 0
Photon
added 2023/06/27 12:0 a.m. · 36 views

Important Photon OS Security Update - PHSA-2023-3.0-0604

Updates of 'binutils', 'docker-compose' packages of Photon OS have been released...

CVSS 7.8 · AI score 6.2 · EPSS 0.00037
Exploits: 3
Photon
added 2023/06/27 12:0 a.m. · 42 views

Important Photon OS Security Update - PHSA-2023-5.0-0038

Updates of 'docker-compose' packages of Photon OS have been released...

AI score 7.3
Exploits: 0
Spring Engineering
added 2023/06/21 12:0 a.m. · 10 views

Docker Compose Support in Spring Boot 3.1

Docker Compose support in Spring Boot 3.1 builds on top of the ConnectionDetails abstraction, which we've featured in a separate blog post. If you haven't already read it, please do so before reading this post. Docker Compose "is a tool for defining and running multi-container Docker applications...

AI score 10
Exploits: 0
Spring Engineering
added 2023/06/19 12:0 a.m. · 11 views

Spring Boot 3.1's ConnectionDetails abstraction

If you've used Spring Boot for a while, you're probably familiar with setting up connection details using properties. For example, you may have used spring.datasource.url to configure a JDBC connection. In Spring Boot 3.1 this continues to work as you'd expect, but we've changed things a bit unde...

AI score 7.3
Exploits: 0
NVD
added 2023/05/31 7:15 p.m. · 10 views

CVE-2023-33979

gptacademic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gptacademic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive...

CVSS 6.5 · AI score 6.3 · EPSS 0.00634
Exploits: 0 · References: 2