4960 matches found
CVE-2023-6839
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...
CVE-2023-6839
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...
Input validation
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...
CVE-2023-6839
CVE-2023-6839 affects WSO2 API Manager. The issue stems from improper error handling in a REST API resource, which can cause server-side errors to disclose an internal WSO2-specific package name in the HTTP response. Documented impacts indicate confidentiality exposure (information disclosed via ...
CVE-2023-6839
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...
CVE-2023-6839
Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response...
GHSA-F6GV-HH8J-Q8VQ Named path parameters can be overridden in TrieRouter
Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matche...
Named path parameters can be overridden in TrieRouter
Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matche...
PT-2023-31600 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 9.3 through 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab where, in certain situations, it may have been possible for developers to override...
CVE-2023-50710
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...
Design/Logic Flaw
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...
CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...
CVE-2023-50710 Hono's named path parameters can be overridden in TrieRouter
Hono is a web framework written in TypeScript. Prior to version 3.11.7, clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources...
CVE-2023-50710
Summary: CVE-2023-50710 affects the Hono web framework (TypeScript). Before v3.11.7, when using TrieRouter, a client could override named path parameters from a previous request, potentially causing a privileged user to use unintended parameters when deleting REST API resources. The issue is miti...
GitLab 9.3 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-5061)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain...
FreeBSD : Gitlab -- vulnerabilities (e2fb85ce-9a3c-11ee-af26-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e2fb85ce-9a3c-11ee-af26-001b217b3468 advisory. - Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's...
Gitlab -- vulnerabilities
Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge The GitLab web interface does not ensure...
CVE-2023-48430
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...
CVE-2023-48430
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...
CVE-2023-36652
A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter...