Origin Validation Error

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Origin Validation Error due the localhostaliases variable including "null" as a valid origin, when the server is deployed locally. An attacker can ma...

GHSA-89V2-PQFV-C5R9 Gradio's CORS origin validation accepts the null origin

Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthorized requests fr...

Gradio 授权问题漏洞

Gradio, an open source Python library open-sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from an authorization issue vulnerability that stems from the localhostaliases variable containing "null" as a valid source wh...

GHSA-VVF8-2H68-9475 Duplicate Advisory: Keycloak Open Redirect vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w8gr-xwp4-r9f7. This link is maintained to preserve external references. Original Description A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

PT-2024-39298 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A misconfiguration flaw was found in Keycloak, allowing an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1. This...

Directus vulnerable to SSRF Loopback IP filter bypass

Impact If you're relying on blocking access to localhost using the default 0.0.0.0 filter this can be bypassed using other registered loopback devices like 127.0.0.2 - 127.127.127.127 Workaround You can block this bypass by manually adding the 127.0.0.0/8 CIDR range which will block access to any...

CVE-2024-46990

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

CVE-2024-46990 SSRF Loopback IP filter bypass in directus

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

CVE-2024-46990 SSRF Loopback IP filter bypass in directus

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

CVE-2024-46990

Summary: CVE-2024-46990 affects Directus where blocking localhost via the default 0.0.0.0 filter can be bypassed using other loopback addresses (e.g., 127.0.0.2–127.127.127.127). Vulnerability details (supported by connected docs): Directus real-time API and app dashboard fails to restrict access...

CVE-2024-46990 SSRF Loopback IP filter bypass in directus

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

Directus 访问控制错误漏洞

Directus is a real-time Api and application dashboard from Directus Open Source. It is used to manage Sql database content. An Access Control Error vulnerability exists in Directus versions prior to 10.13.2, which stems from the fact that when relying on the use of a default filter to block acces...