CVE-2023-36827

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

PYSEC-2023-107

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

CVE-2023-36827 Fides vulnerable to Path Traversal in Webserver API

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

CVE-2023-36827 Fides vulnerable to Path Traversal in Webserver API

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

CVE-2023-36827 Fides vulnerable to Path Traversal in Webserver API

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

PT-2023-25716 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.15.1 Description: A path traversal vulnerability affects Fides, allowing remote attackers to access arbitrary files on the Fides webserver container's filesystem. If the Fides webserver API is deployed behind a rever...

The vulnerability of the Reverse Proxy Auth plugin for Jenkins allows a hacker to execute a CSRF attack.

The vulnerability of the Jenkins Reverse Proxy Auth plugin is related to the manipulation of cross-site requests. Exploiting this vulnerability can allow a attacker to execute a CSRF attack...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

keycloak: Untrusted Certificate Validation

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

keycloak: Untrusted Certificate Validation

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...

golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A malicious client can cause an error against the destination's size limit, which would incorrectly be attributed to the destination rather than the client. This could allow an attacker to send large amounts of da...

CVE-2023-33141

Yet Another Reverse Proxy YARP Denial of Service Vulnerability...

CVE-2023-33141

Yet Another Reverse Proxy YARP Denial of Service Vulnerability...

CVE-2023-33141

Yet Another Reverse Proxy YARP Denial of Service Vulnerability...

CVE-2023-33141

Summary: CVE-2023-33141 is a Denial of Service vulnerability in Yet Another Reverse Proxy (YARP). The OSV entry confirms a DoS impact exists in YARP and provides remediation: upgrade to Yarp.ReverseProxy 2.0.1 (and Telemetry.Consumption 2.0.1) to mitigate. The CVE entry lists CVSSv3.1 base score ...

Debian: Security Advisory (DSA-5435-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...

The vulnerability of the Yet Another Reverse Proxy (YARP) from Microsoft, which stems from insufficient input validation, allows attackers to induce a service failure.

The vulnerability of the Yet Another Reverse Proxy YARP Microsoft component is related to insufficient input validation. Exploiting this vulnerability could allow a malicious actor to cause service failures...

spring-boot: Spring Boot Welcome Page DoS Vulnerability

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed...