32 matches found
GHSA-7WW3-XVF5-CXWM ciguard: Web UI is missing HTTP defence-in-depth headers
Summary: ciguard's FastAPI Web UI (src/ciguard/web/app.py) does not set HTTP defence-in-depth headers. An OWASP ZAP baseline scan flagged 11 alerts: missing Content-Security-Policy (Medium), X-Frame-Options (Medium), Sub-Resource-Integrity on /api/docs (Medium), COOP / COEP / CORP (Low), Permissions-Policy (Low)...
com.codbex.atlas:codbex-atlas-application (>=2.62.0 <=2.108.0), com.codbex.gaia:codbex-gaia-application (>=2.61.0 <=2.64.0) +22 more potentially affected by CVE-2026-33349 via org.webjars.npm:fast-xml-parser (>=4.5.3 <=5.2.5)
org.webjars.npm:fast-xml-parser MAVEN version =4.5.3, =2.62.0, =2.61.0, =2.52.0, =2.52.0, =2.51.0, =2.51.0, =3.6.0, =2.50.0, =5.0.0, =5.0.0, =11.58.0, =12.2.0, =11.58.0, =11.58.0, =11.48.2, =12.1.0 and more Source cves: CVE-2026-33349 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15699648...
CVE-2024-39011
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code, cause a Denial of Service (DoS), or have other impacts via the function mergeObjects...
Metasploit Wrap-Up 10/31/2025
New module content (3): ReDoc API Docs UI Exposed. Author: Hamza Sahin. Type: Auxiliary. Pull request: 20594, contributed by HamzaSahin61. Path: scanner/http/redocexposed. Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests, searching for...
ReDoc API Docs UI Exposed
Detects publicly exposed ReDoc API documentation pages. The module performs safe, read-only GET requests and reports likely ReDoc instances based on HTML markers. Module Options: msf > use auxiliary/scanner/http/redocexposed; msf auxiliary(redocexposed) > show actions ...actions... msf...
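The marker-based check the module description above refers to, as an added example that is not the Metasploit module's code: fingerprint a fetched HTML body as a ReDoc page and, going a step further than the description, pull out the OpenAPI spec URL the page points at. The three markers (a `<redoc>` element, the `redoc.standalone.js` bundle, a `Redoc.init(` call) are common ReDoc integration patterns assumed for this example; the module's actual marker list is not reproduced here, and the sample pages are constructed.

```javascript
// Added example (not the Metasploit module's code). Markers below are
// assumed ReDoc integration patterns, not the module's own list.
const REDOC_MARKERS = [
  { name: 'redoc-element',           re: /<redoc\b[^>]*>/i },          // <redoc spec-url="...">
  { name: 'redoc-standalone-bundle', re: /redoc\.standalone\.js/i },   // CDN or vendored bundle
  { name: 'redoc-init-call',         re: /\bRedoc\.init\s*\(/ },       // programmatic init
];

// Classify one HTML body. Returns which markers hit and, where recoverable,
// the spec URL (from the <redoc spec-url> attribute or the Redoc.init() call).
function fingerprintRedoc(html) {
  const markers = REDOC_MARKERS.filter((m) => m.re.test(html)).map((m) => m.name);
  const specMatch =
    html.match(/<redoc\b[^>]*\bspec-url=["']([^"']+)["']/i) ||
    html.match(/\bRedoc\.init\s*\(\s*["']([^"']+)["']/);
  return {
    isRedoc: markers.length > 0,
    markers,
    specUrl: specMatch ? specMatch[1] : null,
  };
}

// Read-only GET against a live target (Node 18+ global fetch); not invoked here.
async function scanUrl(url) {
  const res = await fetch(url, { method: 'GET', redirect: 'follow' });
  const body = await res.text();
  return { url, status: res.status, ...fingerprintRedoc(body) };
}

// Constructed sample bodies so the check runs offline.
const SAMPLE_REDOC_PAGE = `<!DOCTYPE html><html><head><title>API Reference</title></head>
<body><redoc spec-url="/openapi.json"></redoc>
<script src="https://cdn.redoc.ly/redoc/latest/bundles/redoc.standalone.js"></script>
</body></html>`;

const SAMPLE_INIT_PAGE = `<!DOCTYPE html><html><body><div id="docs"></div>
<script>Redoc.init('https://api.example.test/spec.yaml', {}, document.getElementById('docs'));</script>
</body></html>`;

const SAMPLE_PLAIN_PAGE = `<!DOCTYPE html><html><body><h1>Welcome</h1><p>Nothing to see.</p></body></html>`;

console.log(JSON.stringify(fingerprintRedoc(SAMPLE_REDOC_PAGE)));
console.log(JSON.stringify(fingerprintRedoc(SAMPLE_INIT_PAGE)));
console.log(JSON.stringify(fingerprintRedoc(SAMPLE_PLAIN_PAGE)));
```

`scanUrl` is the only part that touches the network and is deliberately a plain GET with no probing of the spec itself; the spec URL is reported so a reviewer can decide whether that document should be reachable unauthenticated.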
EUVD-2024-54329
Malicious code in bioql PyPI...
Prototype Pollution
Redoc is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the Module.mergeObjects component and allows attackers to manipulate the prototype chain and introduce malicious payloads, which can trigger a Denial of Service (DoS)...
CVE-2024-57083
A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload...
@abios/abios-redoc-cli (>=0.12.4 <=0.15.0), @acmekit/acmekit-oas-cli (>=2.13.1 <=2.13.94) +55 more potentially affected by CVE-2024-57083 via redoc (>=0.5.2 <=2.2.0)
redoc NPM version =0.5.2, =0.12.4, =2.13.1, =2.13.1, =0.0.1, =1.0.0, =2.6.10, =1.0.0, =1.0.1, =1.18.2, =0.0.2, =0.1.4, =0.1.0, =0.2.1, =9.0.0, =9.7.3 and more Source cves: CVE-2024-57083 Source advisory: OSV:GHSA-9RHG-254W-FH9X...
GHSA-9RHG-254W-FH9X Redoc Prototype Pollution via `Module.mergeObjects` Component
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
CVE-2024-57083
A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
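The merge behaviour these advisories describe, as an added illustration that is not Redoc's code: a generic recursive object merge that follows an attacker-supplied `__proto__` key into `Object.prototype`, beside a hardened version that refuses prototype-chain keys and only descends into the target's own properties. The function names, the `polluted` marker and the JSON payload are constructed for this example; Redoc's real `mergeObjects` in utils/helpers.ts is not reproduced here.

```javascript
// Added example, not Redoc's mergeObjects: a generic recursive merge of the
// kind prototype-pollution advisories describe, beside a hardened version.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: walks every key of `source`, including an own "__proto__" key
// that JSON.parse happily creates. target["__proto__"] resolves through the
// accessor to Object.prototype, so the recursion writes onto the shared prototype.
function vulnerableMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      vulnerableMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: refuse the keys that reach the prototype chain, and only recurse
// into a container the target actually owns (never an inherited one).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      if (!isPlainObject(own)) target[key] = {};
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Run both merges against a constructed payload and observe a fresh object:
// a pristine {} must never acquire a "polluted" property.
function demonstrate() {
  const payload = JSON.parse('{"__proto__": {"polluted": true}, "title": "x"}');
  const before = ({}).polluted;

  vulnerableMerge({}, payload);
  const afterVulnerable = ({}).polluted;   // true: Object.prototype was written to
  delete Object.prototype.polluted;         // clean up so the hardened run starts fresh

  const merged = safeMerge({}, payload);
  const afterSafe = ({}).polluted;          // undefined: "__proto__" was skipped

  return { before, afterVulnerable, afterSafe, mergedKeys: Object.keys(merged) };
}

console.log(JSON.stringify(demonstrate()));
```

The DoS the advisories mention follows from the same primitive: a polluted property such as a method name or a flag that the renderer later reads from every object can make subsequent calls throw or loop, so a spec or options object from an untrusted source must never reach an unguarded deep merge.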
Redoc security vulnerability
Redoc is an open source tool from Redocly Open Source. It is used to generate documentation from OpenAPI definitions. A security vulnerability exists in Redoc 2.2.0 and earlier versions that stems from prototype pollution and could lead to a denial of service...
CVE-2024-57083
CVE-2024-57083 describes a prototype pollution in the Redoc library, specifically the Module.mergeObjects function in redoc
Prototype Pollution
Overview org.webjars.npm:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await...
Prototype Pollution
Overview org.webjars.bower:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await...
de.gsi.acc:chartfx-acc (>=11.2.2 <=11.2.7), de.gsi.report:chartfx-report (>=11.2.2 <=11.2.7) +16 more potentially affected by CVE-2024-57083 via org.webjars.npm:redoc (>=2.0.0-rc.23 <=2.1.4)
org.webjars.npm:redoc MAVEN version =2.0.0-rc.23, =11.2.2, =11.2.2, =11.2.2, =11.2.2, =5.0.0, =5.0.0, =3.9.0, =3.9.0, =2.5.0, =2.5.0, =3.0.0, =11.0.0, =0.7.13, =0.7.13, =0.8.3, =0.8.4 and more Source cves: CVE-2024-57083 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-8664935...