6 matches found
EUVD-2021-28239
Malicious code in bioql PyPI...
CVE-2022-39304 ghinstallation returns app JWT in error responses
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...
CVE-2021-41100
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...
CVE-2021-41100
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...
CVE-2021-41100
CVE-2021-41100 affects Wire-server (Wire’s backing server). A short-lived session token in the Authorization header can be used to change a user’s email, which may enable account takeover due to subsequent password changes. Public details indicate that Version 2021-08-16 and later added a new end...
CVE-2021-41100 Account takeover when having only access to a user's short lived token in wire-server
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...