Lucene search
K

382 matches found

cve
cve
added 2023/11/22 9:19 a.m.59 views

CVE-2023-37924

Apache Submarine (subsystem: server) has an SQL injection vulnerability that allows login-time exploitation, affecting versions 0.7.0–0.8.0. The issue could enable unauthorized logins. A fix is available in version 0.8.0, which also adds oidc support and removes unauthenticated login paths. If up...

9.8CVSS9.6AI score0.07167EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2023/11/20 9:15 a.m.41 views

CVE-2023-46302

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.8CVSS0.01747EPSS
Exploits9References3
osv
osv
added 2023/11/20 9:15 a.m.54 views

PYSEC-2023-240

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

9.8CVSS7.7AI score0.01747EPSS
Exploits9References4
prion
prion
added 2023/11/20 9:15 a.m.47 views

Design/Logic Flaw

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

7.5CVSS7.2AI score0.99615EPSS
Exploits9References3Affected Software1
cve
cve
added 2023/11/20 8:46 a.m.103 views

CVE-2023-46302

CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...

9.8CVSS9.5AI score0.99615EPSS
Exploits9References3Affected Software1
osv
osv
added 2023/11/14 10:24 p.m.35 views

GHSA-4JQ9-2XHW-JPX7 Java: DoS Vulnerability in JSON-JAVA

Summary A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1 the parser bug can be used to circumvent a check that is supposed to...

7.5CVSS7.2AI score0.01449EPSS
Exploits1References7
github
github
added 2023/11/14 10:24 p.m.163 views

Java: DoS Vulnerability in JSON-JAVA

Summary A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1 the parser bug can be used to circumvent a check that is supposed to...

7.5CVSS6.9AI score0.01449EPSS
Exploits1References7Affected Software1
github
github
added 2023/11/12 3:55 p.m.55 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

Summary The grpc Unary Server Interceptor opentelemetry-go-contrib/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go // UnaryServerInterceptor returns a grpc.UnaryServerInterceptor suitable // for use in a grpc.NewServer call. func UnaryServerInterceptoropts ...Option...

7.5CVSS7.1AI score0.01592EPSS
Exploits0References9Affected Software1
openbugbounty
openbugbounty
added 2023/11/09 10:27 a.m.15 views

pr-today.net Cross Site Scripting vulnerability OBB-3775989

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
osv
osv
added 2023/11/08 7:15 p.m.15 views

GHSA-R2XV-VPR2-42M9 slsa-verifier vulnerable to mproper validation of npm's publish attestations

Summary slsa-verifier attestationstampered.json 5. SLSAVERIFIEREXPERIMENTAL=1 slsa-verifier verify-npm-package supreme-goggles.tgz --attestations-path attestationstampered.json --builder-id "https://github.com/actions/runner/github-hosted" --package-name "@trishankatdatadog/supreme-goggles"...

7.1AI score
Exploits0References6
github
github
added 2023/11/08 7:15 p.m.19 views

slsa-verifier vulnerable to mproper validation of npm's publish attestations

Summary slsa-verifier attestationstampered.json 5. SLSAVERIFIEREXPERIMENTAL=1 slsa-verifier verify-npm-package supreme-goggles.tgz --attestations-path attestationstampered.json --builder-id "https://github.com/actions/runner/github-hosted" --package-name "@trishankatdatadog/supreme-goggles"...

7.1AI score
Exploits0References6Affected Software2
openbugbounty
openbugbounty
added 2023/10/28 8:11 p.m.9 views

pr-and-events.de Improper Access Control vulnerability OBB-3767710

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
osv
osv
added 2023/10/26 8:53 p.m.62 views

GHSA-X9W5-V3Q2-3RHW browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack

Summary An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. Details In dsaVerify function, it checks whether the value of the signature is legal by calling...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References8
github
github
added 2023/10/26 8:53 p.m.97 views

browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack

Summary An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. Details In dsaVerify function, it checks whether the value of the signature is legal by calling...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References8Affected Software1
code423n4
code423n4
added 2023/10/25 12:0 a.m.10 views

Broken logical expression in onlyManager()

Lines of code Vulnerability details Original Issue H-05: Functions in the VotiumStrategy contract are susceptible to sandwich attacks Details Depositing/withdrawing directly to/from derivatives provides an opportunity for an adversary to sandwich the users, since the slippage control mechanism wa...

7AI score
Exploits0
code423n4
code423n4
added 2023/10/25 12:0 a.m.12 views

Introduce minEpoch to prevent withdrawal requests being front-runned

Lines of code Vulnerability details Original Issue M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process Issue Details The issue raised above occured whenever there was an unlocked balance which could be used to fulfill...

7AI score
Exploits0
nvd
nvd
added 2023/10/18 10:15 p.m.37 views

CVE-2023-45812

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

7.5CVSS7.5AI score0.00726EPSS
Exploits0References2
prion
prion
added 2023/10/18 10:15 p.m.17 views

Design/Logic Flaw

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

5CVSS7.5AI score0.00726EPSS
Exploits0References2Affected Software2
vulnrichment
vulnrichment
added 2023/10/18 9:29 p.m.14 views

CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

7.5CVSS7.1AI score0.00726EPSS
Exploits0References2
osv
osv
added 2023/10/18 9:29 p.m.21 views

CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

7.5CVSS7.4AI score0.00726EPSS
Exploits0References4
Rows per page
Query Builder