14 matches found
CVE-2026-52796
Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...
CVE-2026-52796 Gogs: DoS in rendering issue index pattern
Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...
CVE-2026-52796
Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...
CVE-2026-52796
CVE-2026-52796 / GHSA-4J89-2C4F-44C6 : Gogs before 0.14.3 is vulnerable to a DoS caused by a rendering panic in the issue index pattern. The bug arises when rendering the index link in internal/markup/markup.go: com.Expand is fed a pattern containing an opening brace “{” but no matching “}”, lead...
Gogs has DoS in rendering issue index pattern
Summary Special template of issue index pattern may cause panic. Details in internal/markup/markup.go go link = fmt.Sprintf%s, com.Expandmetas"format", metas, m Issue index pattern is rendered to link with com.Expand. However, com.Expand is not safe. go i = strings.Indextemplate, "" if s, ok :=...
PT-2026-51456
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A specially crafted issue index pattern can cause a panic during rendering, leading to a denial of service. In the internal/markup/markup.go file, the RenderIssueIndexPattern function uses com.Expand t...
OpenSearch vulnerable to improper authorization for Rollover Requests
Description A flaw was identified in the OpenSearch Security plugin's handling of index rollover requests. When a rollover request included an explicit target index name, the security plugin did not properly evaluate access control permissions against the target index. This could allow a user wit...
How to use DSF Collections & Index Patterns – A Tutorial
In conventional terminology, Imperva Data Security Fabric DSF is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting Playbooks, and self-service data discovery Kibana-based Discover. Imperva DSF is purpose-built for data...
GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana
Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could...
CVE-2022-23710
A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...
CVE-2022-23710
A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...
Cross site scripting
A cross-site-scripting XSS vulnerability was discovered in the Data Preview Pane previously known as Index Pattern Preview Pane which could allow arbitrary JavaScript to be executed in a victim’s browser...
CVE-2022-23710
CVE-2022-23710 is an XSS vulnerability in Kibana’s Data Preview Pane (Index Pattern Preview Pane). The issue stems from insufficient input filtering/escaping, allowing arbitrary JavaScript in a victim’s browser. Affected products/versions include Kibana self-managed 7.15.x (and related Elastic St...
Cross-site Scripting (XSS)
kibana is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the index pattern allowing an attacker to inject maliciously crafted script via the index pattern...