19 matches found
EUVD-2024-2393
Malicious code in bioql PyPI...
EUVD-2022-5973
Malicious code in bioql PyPI...
Shanghai Blade Technology Co., Ltd. BladeX suffers from a logic flaw vulnerability
BladeX is a well-designed microservices architecture that provides a full suite of SpringCloud solutions. BladeX has a logic flaw vulnerability that an attacker can exploit to exceed their authority, obtain sensitive information and perform unauthorized operations...
What Are the Benefits of a Microservices Architecture?
...
springboot-openai-chatgpt security vulnerability
springboot-openai-chatgpt is a SpringCloud-based microservices architecture by the individual developer 274056675. A security vulnerability exists in springboot-openai-chatgpt that stems from a business logic error and could lead to a remote attack...
Apache Seata Deserialization Vulnerability
Apache Seata is an open source distributed transaction solution committed to providing high-performance, easy-to-use distributed transaction services in microservices architectures. Apache Seata suffers from a deserialization vulnerability that can be exploited by a remote attacker to...
CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
Spring Tips: Introducing Spring Modulith
Hi, Spring fans! In this installment we look at the amazing Spring Modulith project. Its goal is to help you better structure your codebase for architectural scalability. It's an amazing and refreshing approach to building applications. Think of it like a chance to pair program on the architectu...
Upgrade to New UI of Qualys Web Application Scanning (WAS): Bringing You Enhanced Web Application Security
In the dynamic world of cybersecurity, staying ahead means constantly evolving. At Qualys, we understand that the bedrock of outstanding security is continuous improvement and innovation. That's why we're thrilled to announce the latest launch of the new User Interface (UI) for Qualys Web Application...
SQL Injection Vulnerability in SpringBlade of Shanghai Breadtech Co. Ltd (CNVD-2023-101321)
SpringBlade is a well-designed microservices architecture that provides a full suite of SpringCloud solutions. SpringBlade suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive database information...
Unauthorized Access Vulnerability in SpringBlade of Shanghai Bred Technology Co. Ltd (CNVD-2023-94732)
SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. An unauthorized access vulnerability exists in SpringBlade, which can be exploited by an attacker to obtain sensitive information...
Fedora: Security Advisory for grpc (FEDORA-2023-15b3e80753)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
crAPI - Completely Ridiculous API
completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first...
CVE-2022-31053
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
CVE-2022-31053 Signature forgery in Biscuit
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
Dockerfile Detected
Docker is one of the most popular platforms using virtualization at the operating system level to deliver software in packages called containers. To take advantage of cloud-based infrastructures, developers often build their applications on top of the microservices architecture pattern with one or...
NATS Server Access Control Error Vulnerability
NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging and microservices architecture. An access control error vulnerability exists in NATS Server 2.x before 2.2.0 and JWT library before 2.0.1, which stems from improper handling of...
How to easily protect any Kubernetes application?
The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenge...