4 matches found
MalCodeAI: Autonomous Vulnerability Detection and Remediation Via Language Agnostic Code Reasoning
The growing complexity of cyber threats and the limitations of traditional vulnerability detection tools necessitate novel approaches for securing software systems. We introduce MalCodeAI, a language-agnostic, multi-stage AI pipeline for autonomous code security analysis and remediation. MalCodeA...
vLLM vulnerable to Regular Expression Denial of Service
Summary A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service ReDoS attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...
Security Bulletin: IBM Match 360 vulnerable through IBM WebSphere Application Server Liberty being vulnerable to information disclosure (CVE-2023-50314)
Summary IBM Match 360 is vulnerable to information disclosure from IBM WebSphere Application Server Liberty. This is affecting IBM WebSphere Application Server Liberty versions 17.0.0.3 - 24.0.0.8. IBM WebSphere Application Server Liberty could allow an attacker with access to the network to...
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)
First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...