Overly permissive origin policy

Currently, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy SOP,...

Security Bulletin: Remote code execution possible due to insecure REST endpoint (CVE-2016-8938)

Summary IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. Vulnerability Details CVEID: CVE-2016-8938 DESCRIPTION:...

Design/Logic Flaw

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications...

CVE-2016-8938

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications...