42 matches found
@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
GHSA-M99F-MMVG-3XMX AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Summary The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...
EUVD-2017-0062
Malware in sbrugna...
EUVD-2017-0063
Malware in sbrugna...
EUVD-2010-1223
Malware in sbrugna...
EUVD-2023-51739
Malicious code in bioql PyPI...
Information Disclosure
api-platform/core is vulnerable to Information disclosure. The vulnerability is due to improper handling of exception messages, where non-HTTP exceptions are not sanitized and are directly included in the JSON error response, allows potentially sensitive internal information to be exposed to...
CVE-2023-47639
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5...
Information Exposure
Overview api-platform/core builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Information Exposure through the JSON error response. An attacker can obtain sensitive information by exploiting the visibility of exception messages...
CVE-2023-47639
CVE-2023-47639 affects API Platform Core. From versions 3.2.0 through 3.2.4, exception messages that are not HTTP exceptions are exposed in the JSON error response, potentially leaking sensitive internal information. The issue is resolved in version 3.2.5. Affected component is API Platform Core’...
CVE-2023-47639 API Platform Core can leak exceptions message that may contain sensitive information
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5...
GHSA-RFW5-CQJJ-7V9R API Platform Core can leak exceptions message that may contain sensitive information
Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions than we did previously introduced at...
API Platform Core can leak exceptions message that may contain sensitive information
Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions than we did previously introduced at...
API Platform Core Security Vulnerability
API Platform Core is a server component of API Platform open source by API Platform. A security vulnerability exists in API Platform Core version 3.2.0 that stems from a non-HTTP exception message being visible in a JSON error response...
golang: html/template: errors returned from MarshalJSON methods may break template escaping
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...
Fedora 38 : python-jupyter-server (2023-8816029058)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8816029058 advisory. Security fix for CVE-2023-49080 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2023-49080 Jupyter Server errors include tracebacks with path information
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...