io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

Netty has Insufficient Bailiwick Validation for NS Records

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

Medium: curl

Issue Overview: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform...

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services AWS Managed Workflows for Apache Airflow MWAA that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances...

py-matrix-synapse -- XSS vulnerability

Matrix developers reports: The fallback authentication endpoint served via Synapse were vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...