Lucene search

4 matches found

Snyk
added 2026/04/09 6:31 p.m., 2 views

Improper Handling of Insufficient Privileges

Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the FileItemDTO component. An attacker can access metadata of files and sub-folders in any folder, including id, type, name, and other fields, by sending authenticated web service queries...

CVSS 5.3, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 2
GitHub Security Blog
added 2022/04/01 1:39 p.m., 22 views

Automatic named constructor discovery in Valinor

Design issue - automatic constructor discovery: The issue arises when upgrading from cuyz/valinor:0.3.0 to a newer system on an existing application, which broke due to the wrong constructor being picked. Still, a bigger security concern is problematic, and it is akin to...

AI score 7.1
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/04/01 1:39 p.m., 14 views

GHSA-XHR8-MPWQ-2RR2 Automatic named constructor discovery in Valinor

Design issue - automatic constructor discovery: The issue arises when upgrading from cuyz/valinor:0.3.0 to a newer system on an existing application, which broke due to the wrong constructor being picked. Still, a bigger security concern is problematic, and it is akin to...

AI score 7.1
Exploits: 0, References: 4
Prion
added 2020/07/30 8:15 p.m., 8 views

SQL injection

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters...

CVSS 7.5, AI score 9.7, EPSS 0.00245
Exploits: 1, References: 2, Affected Software: 1