608 matches found
Authorization
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
CVE-2021-27582
MITREid Connect OpenID Connect server (MITREid Connect) before 1.3.3 is affected by a Mass Assignment (Autobinding) vulnerability in OAuthConfirmationController.java. The issue arises from unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, allowing HTTP request pa...
PT-2021-17521 · Mitre · Mitreid Connect
Name of the Vulnerable Software and Affected Versions: MITREid Connect versions through 1.3.3 Description: The OpenID Connect server implementation for MITREid Connect contains a Mass Assignment vulnerability, also known as Autobinding. This issue arises due to the unsafe usage of the...
Denial Of Service (DoS)
laravel/laravel is vulnerable to denial of service DoS. It is possible because it allows mass assignment of Eloquent attributes that included the model's table name...
CVE-2020-24940
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...
CVE-2020-24940
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...
Authentication flaw
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...
CVE-2020-24940
Laravel CVE-2020-24940 affects Laravel before 6.18.34 and 7.x before 7.23.2. The issue arises when unvalidated values are saved to the database in situations where table names are stripped during mass assignment, enabling unintended database writes. Connected records corroborate the affected vers...
CVE-2020-24940
An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...
PT-2020-15863 · Taylor Otwell · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.34 Laravel versions 7.x prior to 7.23.2 Description: An issue allows unvalidated values to be saved to the database in certain situations where table names are stripped during mass assignment. Recommendations: F...
Amazon Linux AMI : rubygem-json (ALAS-2020-1423)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...
CVE-2019-17605
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...
CVE-2019-17605
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...
CVE-2019-17605
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...
CVE-2019-17605
CVE-2019-17605 affects eyecomms eyeCMS (≤2019-10-15). A mass-assignment flaw lets an attacker modify a candidate id and add a password parameter to take over another candidate’s account, resulting in the other user’s password being changed. This is reported alongside CVE-2019-17604, an Insecure D...
JSON gem has Improper Input Validation vulnerability
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
New Relic: Users can enable API access for free via mass assignment
Free tier users aren't allowed API access, but it's possible to bypass this restriction thanks to a mass assignment bug. To replicate this, first verify that you don't already have API access by visiting: Account Settings - API Explorer - Create an API Key You should see the message "This feature...
Auto-binding vulnerabilities and Spring MVC-vulnerability warning-the black bar safety net
Today to introduce a not very well-known vulnerability—auto binding vulnerability, or referred to as mass assignment in. Automatic binding capabilities in many of the frameworks are achieved, it allows the framework to automatically convert the HTTP request parameter bound to the object and to...