Lucene search
+L

6 matches found

OSV
OSV
added 2026/05/21 5:42 p.m.27 views

GHSA-7HH5-PRP2-MFH5 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

8.5CVSS6.2AI score0.00439EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/02 11:33 p.m.19 views

SageMaker Python SDK has Exposed HMAC

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...

8.5CVSS6.5AI score0.00455EPSS
Exploits0References8Affected Software1
Metasploit
Metasploit
added 2021/07/23 5:45 p.m.73 views

Apache Tapestry HMAC secret key leak

This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry. This key is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits hd : 6hd-4hd-4hd-4hd-12hd If the HMAC key has been changed to look differently, this...

10CVSS9.3AI score0.94089EPSS
Exploits5
GithubExploit
GithubExploit
added 2021/06/25 1:55 p.m.326 views

Exploit for Deserialization of Untrusted Data in Apache Tapestry

CVE-2021-27850 Exploit Overview CVE-2021-27850 is a...

10CVSS9.9AI score0.94089EPSS
Exploits5
NVD
NVD
added 2021/04/15 8:15 a.m.20 views

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS0.94089EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2021/04/15 8:15 a.m.122 views

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS9.2AI score0.94089EPSS
In wildExploits5References6Affected Software1
Rows per page
Query Builder