
161 matches found

RedHat Linux · added 2021/08/25 9:37 a.m. · 1 view

envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

CVSS 8.6 · AI score 5.8 · EPSS 0.00918
Exploits: 0 · References: 5
RedhatCVE · added 2021/08/24 10:14 p.m. · 60 views

CVE-2021-32779

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

CVSS 8.6 · AI score 2.4 · EPSS 0.00918
Exploits: 0 · References: 4
OSV · added 2021/08/24 9:15 p.m. · 14 views

CVE-2021-32779

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...

CVSS 8.3 · AI score 8.7
Exploits: 0 · References: 2
OSV · added 2021/05/27 5:15 a.m. · 19 views

CVE-2021-31920

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters %2F or %5C could potentially bypass an Istio authorization policy when path based authorization rules are used...

CVSS 6.5 · AI score 6.8
Exploits: 0 · References: 1
UbuntuCve · added 2021/04/12 12:00 a.m. · 33 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

CVSS 4.3 · AI score 6.4 · EPSS 0.02696
Exploits: 1 · References: 3
Positive Technologies · added 2021/04/12 12:00 a.m. · 1 view

PT-2021-7366 · Apache +10 · Subversion +11

Name of the Vulnerable Software and Affected Versions: Subversion mod_dav_svn versions 1.10.0 through 1.14.1. Description: The issue is related to memory corruption in Subversion's mod_dav_svn. It occurs when mod_dav_svn servers attempt to use memory that has already been freed while looking up...

CVSS 8.2 · AI score 5.2 · EPSS 0.08757
Exploits: 2 · References: 90
UbuntuCve · added 2021/04/12 12:00 a.m. · 31 views

CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers: 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

CVSS 7.5 · AI score 6.8 · EPSS 0.08757
Exploits: 0 · References: 3
Hacker One · added 2021/04/09 6:10 p.m. · 10 views

U.S. Dept Of Defense: [www.█████] Path-based reflected Cross Site Scripting

Description: The www.██████ endpoint is vulnerable to path-based reflected XSS, which allows attackers to pass rogue JavaScript to unsuspecting users. Impact: This flaw allows attackers to pass rogue JavaScript to unsuspecting users. Since the user's browser has no way to know the script should not...

AI score 0.6
Exploits: 0
Snyk · added 2020/10/13 12:45 p.m. · 5 views

Prototype Pollution

Overview: json8 is a JSON toolkit for JavaScript. Affected versions of this package are vulnerable to Prototype Pollution. The function adds to the target object the property specified in the path; however, it does not properly check the key being set, leading to prototype pollution. Details...

CVSS 9.8 · AI score 9 · EPSS 0.0187
Exploits: 1 · References: 2
Kitploit · added 2020/07/12 1:00 p.m. · 144 views

Santa - A Binary Whitelisting/Blacklisting System For macOS

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension or a system extension on macOS 10.15+ that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in ca...

AI score 7
Exploits: 0 · References: 10
Veracode · added 2020/04/10 1:01 a.m. · 31 views

Information Disclosure

subversion is vulnerable to information disclosure. An information disclosure flaw was found in the way the mod_dav_svn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files i...

CVSS 4.3 · AI score 1.9 · EPSS 0.08483
Exploits: 2 · References: 24 · Affected Software: 1
Veracode · added 2020/04/10 1:01 a.m. · 33 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "shortcircuit", and path-based access control for files and directories was enabled, a malicious, remote user could...

CVSS 4.3 · AI score 2.1 · EPSS 0.08483
Exploits: 2 · References: 23 · Affected Software: 1
OSV · added 2020/03/25 5:15 p.m. · 2 views

CVE-2020-10649

DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...

CVSS 7.8 · AI score 7.5 · EPSS 0.00576
Exploits: 1 · References: 4
Atlassian · added 2018/11/12 5:12 p.m. · 19 views

Security clean up /plugins/servlet/Wallboard.old 200 response

A low-risk path-based vulnerability exists at /plugins/servlet/Wallboard.old. Stylesheets and a basic HTML page load for a page that should not exist or is deprecated...

AI score 0.4
Exploits: 0 · Affected Software: 1
Atlassian · added 2018/11/12 5:12 p.m. · 35 views

Security clean up /plugins/servlet/Wallboard.old 200 response

A low-risk path-based vulnerability exists at /plugins/servlet/Wallboard.old. Stylesheets and a basic HTML page load for a page that should not exist or is deprecated...

AI score 0.4
Exploits: 0 · Affected Software: 1
n0where · added 2018/05/02 10:27 p.m. · 19 views

Binary Whitelisting Blacklisting System for macOS: Santa

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a...

AI score 0.3
Exploits: 0 · References: 1
Snyk · added 2018/01/30 10:28 p.m. · 2 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allows modification of the Object prototype. If an attacker can control part of the structure passed to this function, they could add or modify an existing property. PoC by Olivier Arteau...

CVSS 6.5 · AI score 7.1 · EPSS 0.02413
Exploits: 2 · References: 6
OSV · added 2017/10/27 7:29 p.m. · 1 view

DEBIAN-CVE-2014-3600

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath-based selector when dequeuing XML messages...

CVSS 9.8 · AI score 9.6 · EPSS 0.09851
Exploits: 0 · References: 1
Tenable Nessus · added 2016/03/04 12:00 a.m. · 39 views

Fedora 22 : subversion-1.8.15-1.fc22 (2015-6efa349a85)

This update includes the latest stable release of Apache Subversion 1.8, version 1.8.15. This update fixes two security issues: CVE-2015-3184: Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4...

CVSS 9 · AI score 7.1 · EPSS 0.57037
Exploits: 0 · References: 12
RedHat Linux · added 2015/09/08 1:09 p.m. · 2 views

subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4

It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository which should only be accessible to...

CVSS 5 · AI score 7.3 · EPSS 0.10607
Exploits: 0 · References: 5