Lucene search
+L

27 matches found

Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.4 views

PT-2024-18976 · Nonebot2 · Nonebot2

Name of the Vulnerable Software and Affected Versions: nonebot2 versions prior to 2.2.0 Description: This issue pertains to a potential information leak, such as environment variables, when developers use MessageTemplate and incorporate user-provided data into templates. The estimated number of...

6.5CVSS7AI score0.00492EPSS
Exploits0References14
Prion
Prion
added 2024/01/16 10:15 p.m.16 views

Server side request forgery (ssrf)

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...

6.5CVSS7.1AI score0.00482EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 9:31 p.m.1 views

CVE-2024-0601 ZhongFuCheng3y Austin Email Message Template AustinFileUtils.java getRemoteUrl2File server-side request forgery

A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to...

6.5CVSS6.4AI score0.00482EPSS
Exploits1References3
CVE
CVE
added 2024/01/16 9:31 p.m.42 views

CVE-2024-0601

CVE-2024-0601 affects ZhongFuCheng3y Austin 1.0, specifically the getRemoteUrl2File function in AustinFileUtils.java (Email Message Template Handler). Multiple connected sources (NVD, Red Hat, PRION, PT-SEC) corroborate a server-side request forgery (SSRF) condition triggered by insufficient vali...

6.5CVSS6.5AI score0.00482EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/10 11:6 p.m.78 views

Expression Language Injection in Netflix Conductor

Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...

9.8CVSS8.9AI score0.02006EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/07/14 8:15 p.m.16 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.8CVSS0.01663EPSS
Exploits0References1
OSV
OSV
added 2020/07/14 8:15 p.m.6 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

9.8CVSS7.4AI score0.01663EPSS
Exploits0References1
Rows per page
Query Builder