11 matches found
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company...
EUVD-2025-7667
Malicious code in bioql PyPI...
SUSE CVE-2025-25294
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-25294
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-25294 Envoy Gateway Log Injection Vulnerability
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-25294 Envoy Gateway Log Injection Vulnerability
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-25294 Envoy Gateway Log Injection Vulnerability
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-25294
Envoy Gateway has a log injection vulnerability in its default Envoy Proxy access log configuration on affected releases prior to 1.2.7 and 1.3.1. A crafted user-agent could trigger JSON injection, allowing modification of the access log. The issue is fixed in 1.2.7 and 1.3.1 by updating EnvoyPro...
MAL-2024-5632 Malicious code in py-json-formatter (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in py-json-formatter (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-34363
A flaw was found in Envoy's access log JSON formatter. This flaw allows a remote, unauthenticated attacker to trigger an abnormal process termination, causing a denial of service...