Lucene search
K

23 matches found

GithubExploit
GithubExploit
added 2026/05/29 9:32 a.m.107 views

Exploit for CVE-2026-40564

CVE-2026-40564: SSRF via FlinkSessionJob.spec.job.jarURI in fl...

5.8AI score0.0049EPSS
Exploits3
Snyk
Snyk
added 2026/05/26 6:40 p.m.8 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...

7.1CVSS5.9AI score0.0049EPSS
Exploits3References3
NVD
NVD
added 2026/05/26 4:16 p.m.18 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS0.0049EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/05/26 2:38 p.m.43 views

CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

0.0049EPSS
Exploits3References1
EUVD
EUVD
added 2026/05/26 2:38 p.m.22 views

EUVD-2026-31846

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

5.8AI score0.0049EPSS
Exploits3References1
CVE
CVE
added 2026/05/26 2:38 p.m.22 views

CVE-2026-40564

The CVE concerns Apache Flink Kubernetes Operator where FlinkSessionJob.jarURI is not validated. In versions 1.3.0 through 1.14.x (up to 1.15.0), a user with CR create permissions can cause the operator pod to fetch arbitrary URLs or access the pod’s filesystem via the jarURI, enabling SSRF and l...

6.5CVSS5.8AI score0.0049EPSS
Exploits3References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43265

Name of the Vulnerable Software and Affected Versions Apache Flink Kubernetes Operator versions 1.3.0 through 1.14.x Description A Server-Side Request Forgery SSRF and local file access issue exists where the jarURI in FlinkSessionJob is not validated. This allows a user with CR create permission...

6.8CVSS5.8AI score0.0049EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.24 views

Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. CVE-2007-5947 Several flaws were found in the way Firefox processed certain...

9.3CVSS8.2AI score0.05443EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.26 views

Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. CVE-2007-5947 Several flaws were found in the way SeaMonkey processed...

9.3CVSS8.2AI score0.05443EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2012/02/08 12:0 a.m.36 views

Mozilla Firefox 10.0 Local Null Byte Bypass File Check Execution

...

6.8CVSS9.5AI score0.01751EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2009/06/25 3:7 p.m.4 views

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

6.8CVSS7.5AI score0.02183EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/06/25 2:54 p.m.3 views

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

6.8CVSS7.5AI score0.02183EPSS
Exploits0References4
NVD
NVD
added 2009/04/22 6:30 p.m.20 views

CVE-2009-1307

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

6.8CVSS5.8AI score0.02183EPSS
Exploits0References38
Prion
Prion
added 2009/04/22 6:30 p.m.23 views

Design/Logic Flaw

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

6.8CVSS7.2AI score0.02183EPSS
Exploits0References38Affected Software1
Cvelist
Cvelist
added 2009/04/22 6:0 p.m.34 views

CVE-2009-1307

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

7.7AI score0.02183EPSS
Exploits0References38
CVE
CVE
added 2009/04/22 6:0 p.m.164 views

CVE-2009-1307

CVE-2009-1307 is evidenced in connected documents as a vulnerability in the view-source: URI handling in Mozilla Firefox before 3.0.9 (also affecting Thunderbird and SeaMonkey) that breaks the Same Origin Policy. It enables remote attackers to bypass cross-domain restrictions and connect to arbit...

6.8CVSS9.2AI score0.02183EPSS
Exploits0References38Affected Software3
RedHat Linux
RedHat Linux
added 2009/04/21 11:44 p.m.2 views

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

6.8CVSS7.5AI score0.02183EPSS
Exploits0References4
securityvulns
securityvulns
added 2007/11/27 12:0 a.m.144 views

Mozilla Foundation Security Advisory 2007-37

Mozilla Foundation Security Advisory 2007-37 Title: jar: URI scheme XSS hazard Impact: High Announced: November 26, 2007 Reporter: Jesse Ruderman, Petko D. Petkov, beford.org Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.10 SeaMonkey 1.1.7 Description The jar: URI scheme was introduced as ...

4.3CVSS5.4AI score0.02712EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/27 12:0 a.m.27 views

Firefox < 2.0.0.10 Multiple Vulnerabilities

The installed version of Firefox is affected by various security issues : - Three bugs that can result in crashes with traces of memory corruption - A cross-site scripting vulnerability involving support for the 'jar:' URI scheme - A timing issue when setting the 'window.location' property that...

9.3CVSS5.7AI score0.05443EPSS
Exploits1References6
Mozilla
Mozilla
added 2007/11/26 12:0 a.m.37 views

jar: URI scheme XSS hazard — Mozilla

The jar: URI scheme was introduced as a mechanism to support digitally signed web pages, enabling web sites to load pages packaged in zip archives containing signatures in java-archive format...

4.3CVSS0.1AI score0.02712EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder