EUVD-2024-0480

Malicious code in bioql PyPI...

Improper Certificate Validation

org.apache.dolphinscheduler: dolphinscheduler-common is vulnerable to Improper Certificate Validation. The vulnerability is due to a lack of certificate verification in the HttpUtils class. This allows an attacker to perform a Man-in-the-Middle MITM attack by impersonating the server...

Improper Certificate Validation in Apache DolphinScheduler

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle MITM attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which...

CVE-2023-49250

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle MITM attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

CVE-2023-49250

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle MITM attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

Hardcoded credentials

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle MITM attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which...

Missing Authentication for Critical Function in Apache Calcite

"HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...

CVE-2020-13955

HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapter...

CVE-2020-13955

HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapter...

CVE-2020-13955

CVE-2020-13955 affects Apache Calcite: HttpUtils#getURLConnection disables hostname verification for HTTPS, enabling potential MITM attacks and information leakage when Calcite adapters connect to Druid or Splunk. The issue originates from a utility method that can be used to create vulnerable HT...

Design/Logic Flaw

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

CVE-2008-3656

The CVE-2008-3656 issue is a denial-of-service in WEBrick’s HTTP header handling: WEBrick::HTTPUtils.split_header_value in WEBrick::DefaultFileHandler backed by a backtracking regex causes CPU exhaustion when processing crafted HTTP requests. Affected Ruby versions include 1.8.5 and earlier, 1.8....

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

Algorithmic complexity vulnerability in the WEBrick

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...