27 matches found
CVE-2026-40942
The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...
CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
dev.dsf:dsf-maven-plugin (>=2.0.0 <=2.1.0) potentially affected by CVE-2026-40942 via dev.dsf:dsf-bpe-process-api-v2 (>=2.0.0-M3 <=2.1.0)
dev.dsf:dsf-bpe-process-api-v2 MAVEN version =2.0.0-M3, =2.0.0, =2.1.0 Source cves: CVE-2026-40942 Source advisory: OSV:GHSA-XMJ9-7625-F634...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40942 via dev.dsf:dsf-bpe-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-bpe-server MAVEN version =1.0.0-M1, =1.0.0, =1.9.0 Source cves: CVE-2026-40942 Source advisory: OSV:GHSA-XMJ9-7625-F634...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-bpe-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-bpe-server MAVEN version =1.0.0-M1, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540564...
dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540567...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-jetty (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-common-jetty MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540565...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-jetty (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-common-jetty MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...
dev.dsf:dsf-bpe-process-api-v1 (>=1.0.0 <=1.9.0), dev.dsf:dsf-bpe-server (>=1.0.0 <=1.9.0) +10 more potentially affected by CVE-2026-40939 via dev.dsf:dsf-common-auth (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-common-auth MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0-RC1 Source cves: CVE-2026-40939 Source advisory: SNYK:JAVA-DEVDSF-16540566...
dev.dsf:dsf-fhir-server-jetty (>=1.0.0 <=1.9.0), dev.dsf:dsf-tools-test-data-generator (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-fhir-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-fhir-server MAVEN version =1.0.0-M1, =1.0.0, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
dev.dsf:dsf-bpe-server-jetty (>=1.0.0 <=1.9.0) potentially affected by CVE-2026-40939 via dev.dsf:dsf-bpe-server (>=1.0.0-M1 <=1.9.0)
dev.dsf:dsf-bpe-server MAVEN version =1.0.0-M1, =1.0.0, =1.9.0 Source cves: CVE-2026-40939 Source advisory: OSV:GHSA-GJ7P-595X-QWF5...
Malicious code in jurss-dsf-as (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b177587ee9a76ddda2d7b68b5fbc3bd94de5d4a572ad4d923f1a9bde9cc75f6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2022-27236
Malicious code in bioql PyPI...
CVE-2022-22082
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
atuin (>=0.3.0 <=11.0.0), atuin-client (>=0.6.2 <=11.0.0) +27 more potentially affected by unknown CVE via chrono-english (=0.1.8)
chrono-english CARGO version =0.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on chrono-english and may be impacted: - atuin =0.3.0, =0.6.2, =0.6.2, =0.1.0, =1.9.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.2, =0.4.0, =0.7.0, =0.0.4, =1.0.0 and more Sour...
How to use DSF Collections & Index Patterns – A Tutorial
In conventional terminology, Imperva Data Security Fabric DSF is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting Playbooks, and self-service data discovery Kibana-based Discover. Imperva DSF is purpose-built for data...
Imperva is an Overall Leader in the 2023 KuppingerCole Leadership Compass Data Security Platforms Report
Imperva is a leader in every category – Market, Innovation, and Product Imperva, Inc., @Imperva the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, is an Overall Leader in the 2023 KuppingerCole Leadership Compass for Data Security Platforms. Previousl...