Lucene search
+L

608 matches found

Prion
Prion
added 2021/02/23 6:15 p.m.21 views

Authorization

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

6.4CVSS9.1AI score0.02222EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/02/23 5:58 p.m.45 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.4AI score0.02222EPSS
Exploits1References3
CVE
CVE
added 2021/02/23 5:58 p.m.81 views

CVE-2021-27582

MITREid Connect OpenID Connect server (MITREid Connect) before 1.3.3 is affected by a Mass Assignment (Autobinding) vulnerability in OAuthConfirmationController.java. The issue arises from unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, allowing HTTP request pa...

9.1CVSS9.1AI score0.02222EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/23 12:0 a.m.8 views

PT-2021-17521 · Mitre · Mitreid Connect

Name of the Vulnerable Software and Affected Versions: MITREid Connect versions through 1.3.3 Description: The OpenID Connect server implementation for MITREid Connect contains a Mass Assignment vulnerability, also known as Autobinding. This issue arises due to the unsafe usage of the...

9.1CVSS8.9AI score0.02222EPSS
Exploits1References11
Veracode
Veracode
added 2020/09/07 1:33 a.m.19 views

Denial Of Service (DoS)

laravel/laravel is vulnerable to denial of service DoS. It is possible because it allows mass assignment of Eloquent attributes that included the model's table name...

7.5CVSS3.9AI score0.01203EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2020/09/04 2:15 a.m.28 views

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

7.5CVSS7.4AI score0.01203EPSS
Exploits0References1
OSV
OSV
added 2020/09/04 2:15 a.m.17 views

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

7.5CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2020/09/04 2:15 a.m.17 views

Authentication flaw

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

4.3CVSS7.4AI score0.01203EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/04 1:28 a.m.70 views

CVE-2020-24940

Laravel CVE-2020-24940 affects Laravel before 6.18.34 and 7.x before 7.23.2. The issue arises when unvalidated values are saved to the database in situations where table names are stripped during mass assignment, enabling unintended database writes. Connected records corroborate the affected vers...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2020/09/04 1:28 a.m.40 views

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

7.5CVSS7.3AI score0.01203EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/09/04 12:0 a.m.15 views

PT-2020-15863 · Taylor Otwell · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.34 Laravel versions 7.x prior to 7.23.2 Description: An issue allows unvalidated values to be saved to the database in certain situations where table names are stripped during mass assignment. Recommendations: F...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References3
NVD
NVD
added 2019/11/07 4:15 p.m.16 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

8.8CVSS5AI score0.01083EPSS
Exploits1References2
OSV
OSV
added 2019/11/07 4:15 p.m.5 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

8.8CVSS6.5AI score0.01083EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/11/07 3:21 p.m.22 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

5.6AI score0.01083EPSS
Exploits1References2
CVE
CVE
added 2019/11/07 3:21 p.m.35 views

CVE-2019-17605

CVE-2019-17605 affects eyecomms eyeCMS (≤2019-10-15). A mass-assignment flaw lets an attacker modify a candidate id and add a password parameter to take over another candidate’s account, resulting in the other user’s password being changed. This is reported alongside CVE-2019-17604, an Insecure D...

8.8CVSS5AI score0.01083EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.51 views

JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS4.9AI score0.13911EPSS
Exploits0References22Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.47 views

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.1AI score0.13911EPSS
Exploits0References22
Hacker One
Hacker One
added 2017/09/12 3:37 p.m.39 views

New Relic: Users can enable API access for free via mass assignment

Free tier users aren't allowed API access, but it's possible to bypass this restriction thanks to a mass assignment bug. To replicate this, first verify that you don't already have API access by visiting: Account Settings - API Explorer - Create an API Key You should see the message "This feature...

2.7AI score
Exploits0
myhack58
myhack58
added 2017/06/17 12:0 a.m.1074 views

Auto-binding vulnerabilities and Spring MVC-vulnerability warning-the black bar safety net

Today to introduce a not very well-known vulnerability—auto binding vulnerability, or referred to as mass assignment in. Automatic binding capabilities in many of the frameworks are achieved, it allows the framework to automatically convert the HTTP request parameter bound to the object and to...

7.9AI score
Exploits0
Rows per page
Query Builder