EUVD-2024-3476

Malicious code in bioql PyPI...

CVE-2024-53441

An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in cookie-encrypter

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of cookie-encrypter Vulnerability Details CVEID:CVE-2024-53441 DESCRIPTION: An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack...

aldryn-django (=5.0.10.0), artd-customer (>=0.0.20 <=0.0.23) +65 more potentially affected by CVE-2024-56374 via django (>=5.0.0 <=5.0.10)

django PYPI version =5.0.0, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =1.0.0, =6.0.0, =2.8.1, =0.3.0, =0.35.0 and more Source cves: CVE-2024-56374 Source advisory: SNYK:PYTHON-DJANGO-8623541...

@eas-framework/server (>=1.0.1 <=1.5.8), express-nova-login (=1.0.0) +2 more potentially affected by CVE-2024-53441 via cookie-encrypter (=1.0.1)

cookie-encrypter NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on cookie-encrypter and may be impacted: - @eas-framework/server =1.0.1, =1.0.0, =1.6.3, =1.6.4 Source cves: CVE-2024-53441 Source advisory: OSV:GHSA-H63V-HW6G-X8HP...

CVE-2024-53441

An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack...

cookie-encrypter 安全漏洞

cookie-encrypter is a cookie encryption and decryption library by the individual developer Emmanuel Bourmalo. A security vulnerability exists in cookie-encrypter version v1.0.1, which stems from an issue with the index.js decryptCookie function that allows an attacker to perform a bit flipping...

CVE-2024-53441

An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack...

CVE-2024-53441

CVE-2024-53441 affects the cookie-encrypter library, specifically version 1.0.1, where a flaw in the index.js decryptCookie function enables a bit-flipping attack (AES-CBC) using the world-visible IV. This can allow an attacker to modify encrypted cookies without decrypting them, with a CVSSv3.1 ...

CVE-2024-53441

An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack...

Decryption Failure

illuminate/encryption is vulnerable to a Decryption Failure. The vulnerability is due to improper handling of encrypted payloads in the Laravel Encrypter component, allowing attackers to craft an encrypted payload, which upon decryption returns false, possibly resulting in unintended behavior in ...

GHSA-7852-W36X-6MF6 Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior

The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the...

Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior

The Laravel Encrypter component is susceptible to a vulnerability that may result in decryption failure, leading to an unexpected return of false. Exploiting this issue requires the attacker to manipulate the encrypted payload before decryption. When combined with weak type comparisons in the...

Laravel Encrypter Failure to decryption vulnerability

A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lea...

GHSA-6WJW-QF87-FV5V Laravel Encrypter Failure to decryption vulnerability

A potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. Depending on the code within your application, this could lea...

PT-2024-40153 · Laravel · Laravel Encrypter

Name of the Vulnerable Software and Affected Versions: Laravel Encrypter affected versions not specified Description: The issue affects the Laravel Encrypter component, potentially causing decryption failure and returning false. An attacker can exploit this by manipulating the encrypted payload...

PT-2024-40136 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel affected versions not specified Description: The issue concerns a potential exploit of the Laravel Encrypter component. This exploit may cause the Encrypter to fail during decryption and unexpectedly return false. To exploit this, an...

RansomHouse’s MrAgent Reshaping Automation in Cyber Attacks

Summary: The RansomHouse group, operating as a Ransomware-as-a-Service RaaS entity, has recently introduced a sophisticated tool named MrAgent aimed at automating the deployment of its data encrypter across multiple hypervisors. Threat Level - Amber | Attack Report For a detailed threat advisory,...

PHP Laravel Framework token Unserialize Remote Command Execution

This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x = 5.6.29. Remote Command...

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...