
670 matches found

Talos
added 2021/01/05 12:0 a.m. · 171 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Genivia gSOAP 2.8.107. Product URLs...

7.5 CVSS · 8.3 AI score · 0.03023 EPSS
Exploits 1
Talos
added 2021/01/05 12:0 a.m. · 171 views

Genivia gSOAP WS-Security plugin denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Genivia gSOAP 2.8.107. Product URLs...

7.5 CVSS · 8.2 AI score · 0.03023 EPSS
Exploits 1
GitHub Security Blog
added 2020/11/13 6:26 p.m. · 47 views

Persistent XSS in newsletter module in Shopware

Impact: Persistent XSS in newsletter module. Patches: We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

3.5 AI score
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/11/13 6:26 p.m. · 12 views

GHSA-HRFH-FP4X-CRRQ Persistent XSS in newsletter module in Shopware

Impact: Persistent XSS in newsletter module. Patches: We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

6.1 AI score
Exploits 0 · References 2
GitHub Security Blog
added 2020/11/13 6:26 p.m. · 44 views

Persistent XSS in shopping worlds

Impact: Persistent XSS in shopping worlds. Patches: We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

3 AI score
Exploits 0 · References 2 · Affected Software 1
OSV
added 2020/11/13 6:26 p.m. · 7 views

GHSA-28FW-88HQ-6JMM Persistent XSS in shopping worlds

Impact: Persistent XSS in shopping worlds. Patches: We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

6.1 AI score
Exploits 0 · References 1
OSV
added 2020/11/13 3:47 p.m. · 7 views

GHSA-6GV9-7Q4G-PMVM Persistent XSS in customer module in Shopware

Impact: Persistent XSS in customer module. Patches: We recommend updating to the current version 5.6.9. You can get the update to 5.6.9 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

6.1 AI score
Exploits 0 · References 2
Positive Technologies
added 2020/11/05 12:0 a.m. · 3 views

PT-2020-6540 · Gsoap · Gsoap

Name of the Vulnerable Software and Affected Versions: gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Security plugin functionality of gSOAP. This issue can be triggered by a specially crafted SOAP request, leading to denial of service. An attacker can exploit this ...

9.8 CVSS · 7.3 AI score · 0.0586 EPSS
Exploits 5 · References 46
Positive Technologies
added 2020/11/05 12:0 a.m. · 2 views

PT-2020-6526 · Genivia · Gsoap

Name of the Vulnerable Software and Affected Versions: Genivia gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Security plugin functionality of Genivia gSOAP. This is due to pointer dereference errors when processing SOAP requests. An attacker can exploit this by...

9.8 CVSS · 7.4 AI score · 0.0586 EPSS
Exploits 5 · References 46
GitHub Security Blog
added 2020/09/23 5:20 p.m. · 40 views

RCE in Third Party Library in Shopware

Impact: RCE in Third Party Library. Patches: We recommend updating to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

3 AI score
Exploits 0 · References 3 · Affected Software 2
OSV
added 2020/09/23 5:20 p.m. · 12 views

GHSA-QVC5-CFRR-384V RCE in Third Party Library in Shopware

Impact: RCE in Third Party Library. Patches: We recommend updating to the current version 6.3.1.1. You can get the update to 6.3.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

7 AI score
Exploits 0 · References 2
OSV
added 2020/09/23 2:15 p.m. · 16 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

9.9 CVSS · 7.5 AI score
Exploits 0 · References 2
NVD
added 2020/09/23 2:15 p.m. · 21 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

9.9 CVSS · 0.02038 EPSS
Exploits 0 · References 2
Prion
added 2020/09/23 2:15 p.m. · 19 views

Security feature bypass

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

6.5 CVSS · 9.7 AI score · 0.02038 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/09/23 1:10 p.m. · 74 views

CVE-2020-2279

CVE-2020-2279 describes a sandbox bypass in Jenkins Script Security Plugin (versions 1.74 and earlier). The vulnerability lets attackers with permission to define sandboxed scripts craft return values or script bindings that can lead to arbitrary code execution on the Jenkins controller JVM. The ...

9.9 CVSS · 9.7 AI score · 0.02038 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/09/23 1:10 p.m. · 28 views

CVE-2020-2279

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM...

9.8 AI score · 0.02038 EPSS
Exploits 0 · References 2
RedHat Linux
added 2020/09/09 3:23 p.m. · 2 views

jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts

A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...

8.8 CVSS · 6.1 AI score · 0.01416 EPSS
Exploits 0 · References 5
RedHat Linux
added 2020/09/08 12:9 p.m. · 3 views

jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.4 CVSS · 5.6 AI score · 0.00754 EPSS
Exploits 0 · References 5
RedHat Linux
added 2020/07/31 2:24 p.m. · 4 views

jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.4 CVSS · 5.6 AI score · 0.00754 EPSS
Exploits 0 · References 5
RedHat Linux
added 2020/06/29 2:37 p.m. · 4 views

jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts

A sandbox bypass flaw was found in the Jenkins Script Security Plugin versions 1.67 and earlier, that are related to the handling of closure default parameter expressions. This flaw allows attackers to execute arbitrary code in sandboxed scripts...

8.8 CVSS · 6.1 AI score · 0.01416 EPSS
Exploits 0 · References 5