CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub
DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...
CVE-2023-25562 Failure to Invalidate Session on Logout in DataHub
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45, session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the AuthUtils.hasValidSessionCookie method could be bypassed by using a cookie from a logged out...
GitHub Security Lab: [CPP]: Add query for CWE-805: Buffer Access with Incorrect Length Value using some functions
Vulnerability description not provided...
GitHub Security Lab: [Go]: Add Beego.Input.RequestBody source to Beego framework
Vulnerability description not provided...
GitHub Security Lab: [python] TarSlip vulnerability improvements
Vulnerability description not provided...
GitHub Security Lab: C/C++: Command injection via wordexp
Vulnerability description not provided...
GitHub Security Lab: [CPP]: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when use mbtowc
Vulnerability description not provided...
GitHub Security Lab: [CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [Java]: CWE-625 - Query to detect regex dot bypass
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [JAVA]: Partial Path Traversal
This bug was reported directly to GitHub Security Lab...
CVE-2021-32862
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if the...
Cross site scripting
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if the...
CVE-2021-32862
CVE-2021-32862 is a cross-site scripting (XSS) vulnerability in nbconvert when generating HTML from user-controlled notebooks. The GitHub Security Lab disclosed sixteen routes to inject arbitrary HTML into HTML exports (e.g., nbviewer). Connected advisories confirm nbconvert is affected and provi...
GHSA-9JMQ-RX5F-8JWQ nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches Below is currently a duplicate of the original report: ---- Received on [email protected] unedited, I'm not sure if we want to make it separate advisories. Pasted raw for now, feel fr...
ownCloud: GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059)
Vulnerability description not provided...