39 matches found
CVE-2021-27736
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...
CVE-2020-12676
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...
EUVD-2021-14478
Malware in sbrugna...
EUVD-2020-4972
Malware in sbrugna...
EUVD-2022-7426
Malicious code in bioql PyPI...
CVE-2022-45921
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
CVE-2020-7799
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...
Malicious code in fusionauth-cbor (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2406 Malicious code in fusionauth-cbor (npm)
--- -= Per source details. Do not edit below this line.=-...
Path Traversal
io.fusionauth:fusionauth-java-client is vulnerable to path traversal. An attacker is able to view or retrieve any file readable by the current user, via a maliciously crafted HTTP request, which allows the attacker to gain access to sensitive information in the system...
GHSA-RMCX-FG5W-X8J9 FusionAuth vulnerable to directory traversal attack
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
FusionAuth vulnerable to directory traversal attack
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
CVE-2022-45921
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
CVE-2022-45921
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
Design/Logic Flaw
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
PT-2022-27687 · Unknown · Fusionauth
Name of the Vulnerable Software and Affected Versions: FusionAuth versions prior to 1.41.3 Description: The issue allows an attacker to view or retrieve files outside of the application root using an HTTP request. Specifically, an attacker may be able to access any file readable by the user runni...
CVE-2022-45921
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...
CVE-2022-45921
FusionAuth, prior to version 1.41.3, is vulnerable to a path traversal flaw that lets an HTTP request view or retrieve files outside the application root that are readable by the FusionAuth process user. The issue originates from handling requests outside the intended directory, enabling potentia...
FusionAuth 路径遍历漏洞
FusionAuth is FusionAuth open source a best-of-breed authentication solution built for developers. A security vulnerability exists in versions prior to FusionAuth 1.41.3 that stems from allowing files outside of the application root directory to be viewed or retrieved using HTTP requests...
CVE-2022-45921
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...