87 matches found
cc.jweb:jweb-adai (>=1.0.2 <=1.0.6), cc.jweb:jweb-boot (>=1.0.2 <=1.0.5) +102 more potentially affected by CVE-2023-23638 via org.apache.dubbo:dubbo (>=2.7.0 <=2.7.21)
org.apache.dubbo:dubbo MAVEN version =2.7.0, =1.0.2, =1.0.2, =1.2.1, =1.28.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =0.0.1, =2.2.7.RELEASE, =1.0.3, =1.0.3, =1.5.1, =2.0.1, =2.0.11 and more Source cves: CVE-2023-23638 Source advisory: OSV:GHSA-933G-V89R-X8...
Mozilla PollBot open redirect vulnerability
Mozilla PollBot is a microservice from the Mozilla Foundation. Freeing humans from the onerous task of polling for status during Firefox releases, Mozilla PollBot versions prior to 1.4.6 have an open redirect vulnerability that stems from the system not doing a reasonable job of targeting jumps,...
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...
Design/Logic Flaw
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
CVE-2022-23506 Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...
Beijing Century Superstar Information Technology Development Co., Ltd.'s Learning Pass suffers from a stored XSS vulnerability
LearningTone is a course learning, knowledge dissemination and management sharing platform built on a microservice architecture. There is a stored XSS vulnerability in Beijing Century Super Star Information Technology Development Limited Liability Company's Learning Pass, which can be exploited b...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963
Abstract Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963? Content IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
Malicious code in microservice-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f8eabb87b272e86465f3f49feac05429f1b06685e9e519eda3ad6f386231029 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4583 Malicious code in microservice-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f8eabb87b272e86465f3f49feac05429f1b06685e9e519eda3ad6f386231029 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
How Software Architects Can Manage Technical Debt in a Microservice Architecture
By Owais Sultan Most software architects wear two different hats - they act as software engineers and technical leaders. However, software… This is a post from HackRead.com Read the original post: How Software Architects Can Manage Technical Debt in a Microservice Architecture...
CVE-2022-29555
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...
Cross site scripting
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...
CVE-2022-29556
CVE-2022-29556 affects the iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2. The vulnerability arises from the Azure IoT Hub integration, which exposes SSRF primitives that can be used to execute cross-tenant actions via internal API endpoints. This leads to potentia...
CVE-2022-29556
The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints...
CVE-2022-29555
CVE-2022-29555 affects the Deviceconnect microservice (Northern.tech Mender Enterprise) up to version 1.3.0, prior to 3.2.2, enabling Cross-Origin Websocket Hijacking. Attack vector is network; CVSSv3 base score 8.8 (HIGH) with UI required. Remediation: upgrade to Mender Enterprise 3.2.2 or later...
Northern.tech Mender Enterprise 跨站请求伪造漏洞
Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...
CVE-2022-24815
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...
Sql injection
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...
CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...