27 matches found
PT-2024-18976 · Nonebot2 · Nonebot2
Name of the Vulnerable Software and Affected Versions: nonebot2 versions prior to 2.2.0 Description: This issue pertains to a potential information leak, such as environment variables, when developers use MessageTemplate and incorporate user-provided data into templates. The estimated number of...
Server side request forgery (ssrf)
A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...
CVE-2024-0601 ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery
A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...
CVE-2024-0601
CVE-2024-0601 affects ZhongFuCheng3y Austin 1.0, specifically the getRemoteUrl2File function in AustinFileUtils.java (Email Message Template Handler). Multiple connected sources (NVD, Red Hat, PRION, PT-SEC) corroborate a server-side request forgery (SSRF) condition triggered by insufficient vali...
Expression Language Injection in Netflix Conductor
Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...