Partial String Comparison

Overview Affected versions of this package are vulnerable to Partial String Comparison via the router component. An attacker can route requests to unintended backend servers by sending crafted HTTP requests with manipulated Host headers. Remediation A fix was pushed into the master branch but not...

Partial String Comparison

Overview Affected versions of this package are vulnerable to Partial String Comparison via the router component. An attacker can route requests to unintended backend servers by sending crafted HTTP requests with manipulated Host headers. Remediation Upgrade http-proxy-middleware to version 2.0.10...

Partial String Comparison

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuration in a predicti...

Partial String Comparison

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuratio...

Partial String Comparison

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

EUVD-2024-38221

Malicious code in bioql PyPI...

CVE-2024-39743

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172...

CVE-2024-39742

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...

CVE-2024-39743 IBM MQ Container denial of service

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 297172...

PT-2024-28656 · Ibm · Ibm Mq Operator

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 Description: The issue allows a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Recommendations: For IBM MQ Operator version 2.0.24,...

PT-2024-28657 · Ibm · Ibm Mq Container Developer Edition +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 IBM MQ Container Developer Edition affected versions not specified Description: The issue is caused by incorrect memory de-allocation, leading to a denial of service. A remote attacker could explo...

IBM MQ Operator Security Vulnerability

IBM MQ Operator is a tool from International Business Machines IBM for managing the lifecycle of IBM MQ Queue Manager. A security vulnerability exists in IBM MQ Operator version 3.2.2, version 2.0.24, which originates from allowing users to cause a denial of service due to a partial string...