2 matches found
PT-2024-19386 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.2.1 Description: The issue affects Apache Answer, allowing a logged-in user to cause a Pixel Flood Attack by uploading large pixel files, which can cause the server to run out of memory. This can be done by...
Instacart: Server side request forgery on image upload for lists
Summary ---------- There is a Server-side request forgery when updating the image for a list. Steps to reproduce ----------------- 1. Create a list and change its image. That will send a POST request to https://beta.instacart.com/api/v2/lists/LISTID with the following parameters:...