CVE-2023-47640

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources i.e. state level actors with large computational capabilities...

PT-2025-20599 · Unknown · Code-Server

Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.99.4 Description: The issue allows an attacker to gain access to the session token through a maliciously crafted URL using the proxy subpath. This can result in the attacker proxying to an arbitrary domain,...