XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

...

CVE-2024-31573

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled...

Function collision between extension functions and account functions

Lines of code Vulnerability details Impact Users or owner can't use extensions because of collision between extension functions and account functions Proof of Concept Whenever someone calls account it will check for functions inside it, if there isn't function it goes to fallback to check...

Collection 安全漏洞

Collection is a minimalist JavaScript library for working with collections of data by the individual developer kobezzza. A security vulnerability exists in Collection versions prior to 6.8.1, which stems from prototype contamination via extension functions in...

Kotlin DSLs in the world of Springdom

Kotlin is a beautiful language that makes it trivial to take old Java libraries and make them much more concise, just by virtue of the Kotlin syntax itself. It shines, however, when you write DSLs. Here's some inside baseball for you: the Spring teams do their level-headed best to be cohesive, to...

PYSEC-2014-83

The 1 extractkeysfrompdf and 2 fillpdf functions in pdfext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf...

Google Chrome multiple vulnerabilities - March 11 (Windows)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnmar11win.nasl 7044 2017-09-01 11:50:59Z teissa $ Google Chrome multiple vulnerabilities - March 11 Windows Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone...

Design/Logic Flaw

Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors...

Google Fixes 19 Bugs in Chrome, Pays $14K in Bug Bounties

Google has released version 9.0.597.107 of its Chrome browser, fixing 19 security vulnerabilities and paying $14,000 in rewards to researchers in the process. The new version of Chrome, which Google released on Monday afternoon, includes fixes for 16 high-severity vulnerabilities and three bugs...