2 matches found
USN-5245-1: Apache Maven vulnerability
It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model pom even if the repositories weren't encrypted http protocol. An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...
Legal Robot: Account profile shows encryption recovery box for all users
A security researcher discovered that the encryption recovery section on the Legal Robot account profile page was shown to all users, even those that were not using the feature. There was no security impact from any user seeing or using the feature - quite the opposite, in fact. However, when...