13 matches found
CVE-2026-46614
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object,...
CVE-2026-46614
CVE-2026-46614 affects Fission router prior to v1.23.0, where internal routes /fission-function/ and /fission-function// were registered on the same public listener as HTTPTriggers. This allowed any caller that could reach the router to invoke any Function by guessing metadata.name/namespace, byp...
EUVD-2026-36090
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object,...
Fission 访问控制错误漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.23.0 contained a access control vulnerability. This vulnerability stemmed from routers registering internal routes for each Function object, allowing any caller who has access to the router...
PT-2026-42685
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...
Next.js Framework 9.5.x < 15.5.3 / 16.x < 16.1.7 HTTP Request Smuggling (GHSA-ggv3-7p47-pfv8)
The Next.js Framework on the remote host is affected by an HTTP request smuggling vulnerability: - A vulnerability exists in Next.js proxy rewrites where a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. An...
EUVD-2022-3155
Malicious code in bioql PyPI...
gotribe-admin 安全漏洞
gotribe-admin is a Go + Vue developed small cms solution by gotribe open source. A security vulnerability exists in gotribe-admin version 1.0, which stems from the function InitRoutes in the file internal/app/routes/routes.go that causes deserialization...
Symfony Access Control Vulnerability
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...
CVE-2012-6432
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...
CVE-2012-6432
Summary (concrete details from provided sources): CVE-2012-6432 affects Symfony 2.0.x up to 2.0.19, Symfony 2.1.x up to 2.1.4, and 2.2-dev, when the internal routes configuration is enabled. A vulnerability in the internal routing mechanism, via URIs starting with /_internal, allows an attacker t...
Security release: Symfony 2.0.20 and 2.1.5 released
Log in to add a reaction to this post add a reaction ❤️ 👍 🚀 Symfony 2.0.20 and Symfony 2.1.5 have just been released and they both contain two security fixes. CVE-2012-6431: Routes behind a firewall are accessible even when not logged in Affected versions All versions from 2.0.0 to 2.0.19 are...
Code execution vulnerability via the "internal" routes
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...