OESA-2024-1105 grafana security update
Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map...
tomcat: incorrectly parsed http trailer headers can cause request smuggling
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...
CVE-2024-23649
CVE-2024-23649 affects Lemmy 0.17.0 through 0.19.0; a patch is available in 0.19.1. The issue allows any authenticated user to obtain arbitrary private message contents by calling the API at /api/v3/private_message/report; the response can include the private message itself and, in so...
CVE-2024-23649 Any authenticated user may obtain private message details from other users on the same instance
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...
PT-2024-20000 · Lemmy · Lemmy
Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.17.0 through 0.19.0 Description: The issue allows any authenticated user to obtain arbitrary private message contents by creating a private message report. This is possible because the API response to creating a private messa...
GHSA-58J9-J2FJ-V8F4 SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
SurrealDB depends on the tungstenite and tokio-tungstenite crates used by the axum crate, which handles connections to the SurrealDB WebSocket interface. On versions before 0.20.1, the tungstenite crate presented an issue which allowed the parsing of HTTP headers during the client handshake to...
Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center and Server
This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.4.0, 9.7.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. Jira Software Data Center versions 9.14.0, 9.13.0 and 9.13.1 are NOT affected. This...
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...
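The forwarding behaviour described in the golang entry above, as an added illustration that is not part of the Go project's code or of its upstream fix: a Director wrapper that re-encodes only the query pairs url.ParseQuery accepts, so a pair with a ';' separator or a bad percent-escape is dropped instead of being forwarded raw to a backend that might parse it differently. The proxy and backend hostnames and the sample URLs are constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// sanitizeQuery keeps only the query pairs that net/http itself accepts.
// url.ParseQuery skips a pair it cannot parse (a ';' separator or a bad
// %-escape), reports an error, and still returns the pairs that did parse.
// Re-encoding those pairs is what stops the proxy from forwarding a raw
// string that the backend may interpret differently from the proxy.
func sanitizeQuery(raw string) (clean string, dropped bool) {
	values, err := url.ParseQuery(raw)
	return values.Encode(), err != nil
}

// hardenDirector wraps an existing ReverseProxy Director so that the
// outbound request carries only the sanitized query string.
func hardenDirector(p *httputil.ReverseProxy) {
	base := p.Director
	p.Director = func(req *http.Request) {
		base(req)
		clean, dropped := sanitizeQuery(req.URL.RawQuery)
		if dropped {
			// Hypothetical operator-visible log line for this example.
			fmt.Printf("dropped unparseable query pairs from %q\n", req.URL.RawQuery)
		}
		req.URL.RawQuery = clean
	}
}

// forwardedQuery reports the query string a hardened proxy for target would
// send upstream for an inbound request to the URL inbound (constructed input).
func forwardedQuery(target, inbound string) (string, error) {
	t, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	p := httputil.NewSingleHostReverseProxy(t)
	hardenDirector(p)
	req, err := http.NewRequest(http.MethodGet, inbound, nil)
	if err != nil {
		return "", err
	}
	p.Director(req)
	return req.URL.RawQuery, nil
}

func main() {
	// Constructed inbound URLs: a clean one, a semicolon-separated pair that
	// net/http rejects, and a pair with an invalid percent-escape.
	for _, in := range []string{
		"http://proxy.example/search?q=1&safe=on",
		"http://proxy.example/search?q=1;admin=true&safe=on",
		"http://proxy.example/search?id=%zz&safe=on",
	} {
		out, err := forwardedQuery("http://backend.internal:8080", in)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-52s -> %q\n", in, out)
	}
}
```

The semicolon case is the one the entry is about: the proxy's own request parsing ignores `q=1;admin=true`, but without the re-encoding step the raw string still reaches a backend whose parser may honour the `;` and see `admin=true`.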
USN-6038-2 golang-1.13, golang-1.16 vulnerabilities
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...
SAP Web Dispatcher Security Vulnerability
SAP Web Dispatcher is a core component of Load Balancing from SAP, which supports load balancing and provides reverse proxy functionality to enable external network users to access internal applications. A security vulnerability exists in SAP Web Dispatcher that stems from the fact that under...
GHSA-V2V2-HPH8-Q5XP @fastify/reply-from JSON Content-Type parsing confusion
Impact: The main fastify repository uses fast-content-type-parse to parse the request Content-Type, which trims each part after splitting on ';'. @fastify/reply-from did not use that package to parse Content-Type in the same way, so it does not trim. As a result, a reverse proxy server built with @fastify/reply-from could...
CVE-2023-51701
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with @fastify/reply-from could misinterpret the incoming body when a request carries the header Content-Type: application/json ; charset=utf-8. This can lead to bypass of security checks...
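The parser differential described in the @fastify/reply-from entries above, illustrated in Go as an added example (not fastify's code; the function names are this example's own): a splitter that does not trim rejects `application/json ; charset=utf-8`, while a trimming splitter and the standard library's mime.ParseMediaType accept it, so a check at the proxy and a check at the origin can reach opposite conclusions about the same body.

```go
package main

import (
	"fmt"
	"mime"
	"strings"
)

// naiveIsJSON mirrors a parser that splits on ';' but does not trim:
// "application/json ; charset=utf-8" yields the type "application/json "
// (trailing space) and is rejected.
func naiveIsJSON(contentType string) bool {
	mediaType, _, _ := strings.Cut(contentType, ";")
	return mediaType == "application/json"
}

// trimmingIsJSON mirrors a parser that trims each component after the
// split, so the same header is accepted.
func trimmingIsJSON(contentType string) bool {
	mediaType, _, _ := strings.Cut(contentType, ";")
	return strings.TrimSpace(strings.ToLower(mediaType)) == "application/json"
}

// rfcIsJSON uses the standard library media-type parser, which tolerates
// whitespace around parameters and lowercases the type; this is the parser
// both sides of a proxy should share.
func rfcIsJSON(contentType string) bool {
	mediaType, _, err := mime.ParseMediaType(contentType)
	return err == nil && mediaType == "application/json"
}

// disagreement reports whether a proxy using naiveIsJSON and an origin
// using trimmingIsJSON classify the body differently. That window is where
// a security check keyed on the content type can be bypassed: the proxy
// skips its JSON-specific check, the origin still parses the body as JSON.
func disagreement(contentType string) bool {
	return naiveIsJSON(contentType) != trimmingIsJSON(contentType)
}

func main() {
	// Constructed header values: the normal form and the spaced form from
	// the advisory.
	for _, ct := range []string{
		"application/json; charset=utf-8",
		"application/json ; charset=utf-8",
	} {
		fmt.Printf("%-36q naive=%-5t trimming=%-5t mime=%-5t disagree=%t\n",
			ct, naiveIsJSON(ct), trimmingIsJSON(ct), rfcIsJSON(ct), disagreement(ct))
	}
}
```

The fix is not to make one parser stricter but to make both ends parse the header the same way; in Go that means routing both decisions through mime.ParseMediaType.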
Internet Bug Bounty: Request Smuggling in Apache Tomcat (Important, CVE-2023-45648)
A vulnerability in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M11, 10.1.0-M1 to 10.1.13, 9.0.0-M1 to 9.0.80, and 8.5.0 to 8.5.93 allowed HTTP request smuggling due to improper parsing of trailer headers. This could be exploited by a remote attacker to bypass security controls when Tomcat was...
Bruteforce protection can be bypassed with misconfigured proxy
None...
CVE-2023-6563
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments that have millions of offline tokens (for example, 500,000 users each with at least 2 saved sessions). If an attacker creates two or more user sessions and then opens the "consents" tab of th...