3 matches found
GHSA-8VCH-M3F4-Q8JF Elysia affected by arbitrary code injection through cookie config
Arbitrary code execution from cookie config. If dynamic cookies are enabled ie there exists a schema for cookies, the cookie config is injected into the compiled route without first being sanitised. Availability of this exploit is generally low, as it requires write access to either the Elysia...
GHSA-HXJ9-33PP-J2CC Elysia vulnerable to prototype pollution with multiple standalone schema validation
Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the proto prop to be merged. When combined with GHSA-8vch-m3f4-q8jf...
UBUNTU-CVE-2021-29505
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to...