288 matches found
CVE-2021-37713
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...
ALPINE-CVE-2021-37712
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...
CVE-2021-37712
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...
CVE-2021-37713
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...
CVE-2021-37713
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...
CVE-2021-37713
The CVE-2021-37713 issue concerns the npm package tar (node-tar) on Windows where extraction could create or overwrite arbitrary files and execute code due to insufficient path sanitization for drive-letter paths (e.g., C: paths) that differ from the extraction target. The vulnerability arises wh...
CVE-2021-32779
CVE-2021-32779 affects Envoy, where a URI with a '#fragment' can be misinterpreted as part of the path. In affected Envoy releases prior to 1.18.0, or 1.18.0+ with path_normalization=false, the fragment may be treated as a path suffix (e.g., /admin#foo) and fail path checks, potentially leaking t...
Exploit for Improper Authentication in Apache Shiro
Apache Shiro 两种姿势绕过认证分析(CVE-2020-17523) 0x01 漏洞描述 Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 当它和 Spring 结合使用时,在一定权限匹配规则下,攻击者可通过构造特殊的 HTTP 请求包完成身份认证绕过。 影响范围:Apache Shiro / | | 双反斜杠处理成反斜杠 | // - / | | 以/.或者/..结尾,则在结尾添加/ | /. - /./ /.....
403Fuzzer - Fuzz 403/401Ing Endpoints For Bypasses
Fuzz 403ing endpoints for bypasses Follow on twitter! @intrudir This tool will check the endpoint with a couple of headers such as X-Forwarded-For It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path. e.g. /%2e/test/test2...
CVE-2021-29492
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...
CVE-2021-29492
Envoy versions up to 1.18.2 contain a URL-path decoding flaw: escaped slashes (%2F, %5C) are not decoded, allowing an attacker to craft paths like /something%2F..%2Fadmin to bypass access controls and escalate privileges when RBAC/JWT filters enforce path-based policies. This can let a backend se...
CVE-2021-27099
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "awsiid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of ...
CVE-2021-27099
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "awsiid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of ...
LY Corporation: Path traversal in a Tomcat server
A path traversal vulnerability was discovered in a Tomcat server, which allowed an attacker to access internal resources such as the administrator page. The vulnerability was caused by a misconfiguration between the reverse proxy and the WAS, and occurred when the attacker entered the string "..;...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an...