Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
json.org CVE-2022-45688 true & false positive WTF ?? The p...
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Related UI vulnerability advisory: https://github.com/jaegertracing/jaeger-ui/security/advisories/GHSA-vv24-rm95-q56r
Summary: Jaeger UI is using the json-markup dependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus the KeyValuesTable...
GHSA-2W8W-QHG4-F78J A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Related UI vulnerability advisory: https://github.com/jaegertracing/jaeger-ui/security/advisories/GHSA-vv24-rm95-q56r
Summary: Jaeger UI is using the json-markup dependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus the KeyValuesTable...