CVE-2023-25560

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

Authentication flaw

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVE-2023-25560

Summary of CVE-2023-25560 (DataHub) : The vulnerability affects DataHub’s AuthServiceClient, responsible for account creation, credential verification, reset, and token requests. It arises from crafting multiple JSON strings with user-controlled data via format strings, enabling an attacker to au...

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...