4 matches found
CVE-2026-42459 free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...
CVE-2025-69250
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages e.g., strconv.ParseInt parsing errors to remote clients when processi...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the authentication process. An attacker can obtain sensitive internal error information by submitting a login attempt with a deleted client secret. Remediation A fix was pushed into the master branch but not yet...
GHSA-C2J7-66M3-R4FF JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Impact When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...