41 matches found
CVE-2020-17532
When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 and 2.1.3 and is fixed in Apache ServiceComb-Java-Chassis 2.1.5...
EUVD-2021-2131
Malware in sbrugna...
EUVD-2022-1140
Malicious code in bioql PyPI...
EUVD-2024-0415
Malicious code in bioql PyPI...
CVE-2021-21501
Improper configuration will cause a ServiceComb ServiceCenter directory traversal problem in ServiceCenter 1.x.x versions; it is fixed in 2.0.0...
CVE-2023-44312
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
CVE-2023-44313
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
GO-2024-2495 Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2024-2496 Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions...
Sensitive Information Disclosure
github.com/apache/servicecomb-service-center is vulnerable to Sensitive Information Disclosure. The vulnerability allows an attacker to query all environment variables, resulting in Information Disclosure...
Server-Side Request Forgery
github.com/apache/servicecomb-service-center is vulnerable to Server-Side Request Forgery. The vulnerability is in server.go, which improperly validates user-supplied URLs or IP addresses that the service accesses for schema validation purposes. An attacker can craft a request an...
GHSA-9XC9-XQ7W-VPCR Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
GHSA-R8XP-52MQ-RMM8 Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
CVE-2023-44313
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
Design/Logic Flaw
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the issue...
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...
CVE-2023-44313 Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API
Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 (inclusive). Users are recommended to upgrade to version 2.2.0, which fixes the...