9 matches found
Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API
Fluentd's Monitor Agent plugin inmonitoragent exposes internal metrics and plugin information via a REST API. It was discovered that the API response /api/plugins.json and related endpoints unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...
PT-2026-53003
Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description The Monitor Agent plugin in monitor agent exposes internal metrics and plugin information through a REST API. The responses from the /api/plugins.json endpoint and related endpoints unintentionally...
CVE-2021-28373
The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...
EUVD-2025-34709
Malicious code in internal-plugin-lifecycle-card npm...
Malicious code in internal-plugin-lifecycle-card (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 332aa89488a5ecb7012588f98648ef97de374565f906dfc69ff80d4d344e9a03 The OpenSSF Package Analysis project identified 'internal-plugin-lifecycle-card' @ 99.9.10 npm as malicious. It is considered malicious because:...
MAL-2025-48434 Malicious code in internal-plugin-lifecycle-card (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 332aa89488a5ecb7012588f98648ef97de374565f906dfc69ff80d4d344e9a03 The OpenSSF Package Analysis project identified 'internal-plugin-lifecycle-card' @ 99.9.10 npm as malicious. It is considered malicious because:...
MAL-2025-6166 Malicious code in internal-plugin-telemetry-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d9d94ab30d6ec88b722127b9f7fcd84c80e7e5bc2fda3c7865104dea4a0fcc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in internal-plugin-telemetry-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d9d94ab30d6ec88b722127b9f7fcd84c80e7e5bc2fda3c7865104dea4a0fcc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-28373
The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...