CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...

CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...

Jackson-databind 远程代码执行漏洞(CVE-2017-17485)

jackson-rce-via-spel An example project that exploits the default typing issue in Jackson-databind https://github.com/FasterXML/jackson-databind via Spring application contexts and expressions Context The Jackson-databind project has a feature called default-typing not enabled by default. When th...

LocalTapiola: Persistent XSS at verkkopalvelu.tapiola.fi using spoofed React element and React v.0.13.3

Hi, Background I noticed that the app at: https://verkkopalvelu.tapiola.fi/e2/autovakuutus/vakuutuslaskuri/ was running an old version of React. In this version 0.13.3 there's an issue, initially discovered by @danlec actually on HackerOne: http://danlec.com/blog/xss-via-a-spoofed-react-element T...