2 matches found
Privilege Escalation Through Multipart Content Pollution
spring-core is vulnerable to multipart content pollution. The application uses an insecure number generator to generate the multipart boundary parameter value, allowing a malicious user to make a informed guess the multipart boundary parameter value. A malicious user can potentially perform a...
Insecure Number Generator
github.com/markbates/goth is vulnerable to insecure number generator. The SetState function in gothic.go uses math/rand which is a weak random number generator and not robust enough to withstand a cryptographic attack against it...