Brute Force

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction,...

Saleor 安全漏洞

Github saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. A security vulnerability exists in Saleor Core that stems from vulnerability to timing attacks, which can be exploited by a...

CVE-2022-24912

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events...