Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`

Impact A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: "/Users/foo/resources" When passing relative paths to these two vulnerabl...

GHSA-6V7P-V754-J89V HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

JetBrains Security Bulletin Q1 2019

FYI Security JetBrains Security Bulletin Q1 2019 Robert Demmer This bulletin summarizes the security vulnerabilities detected in JetBrains products and remediated in the first quarter of 2019. These include issues reported by Jonathan Leitschuh potentially exposing a product user or a project’s...