2 matches found
jenkins: CSRF protection bypass via crafted URLs
Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier, use different representations of request URL paths, which allows attackers to craft URLs that bypass CSRF protection of any target URL...
Spark Information Disclosure Vulnerability
Spark is a lightweight Java web framework that allows you to quickly create web applications with minimal effort. Spark before 2.7.2 suffers from an information disclosure vulnerability. A remote attacker can exploit the vulnerability to read unintended static files via various representations of...