CVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...
EUVD-2022-2150
Malicious code in bioql PyPI...
EUVD-2022-46972
Malicious code in bioql PyPI...
CVE-2022-44009
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information...
CVE-2022-43706
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged-in users with write access to pack rules to inject arbitrary script or HTML that may be executed in the Web UI for other logged-in users...
PT-2022-27012 · Unknown · Stackstorm
Name of the Vulnerable Software and Affected Versions: StackStorm versions prior to 3.8.0 Description: A cross-site scripting (XSS) issue in the Web UI allows logged-in users with write access to pack rules to inject arbitrary script or HTML, which may be executed in the Web UI for other logged-in...
PT-2022-27071 · Unknown · Stackstorm
Name of the Vulnerable Software and Affected Versions: StackStorm version 3.7.0 Description: The issue is related to improper access control in Key-Value RBAC, where permissions in Jinja filters are not checked, allowing attackers to access Key-Value pairs of other users. This could potentially...
This Week in Security News: Security Vulnerabilities
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what critical approaches can protect your enterprise business from software vulnerabilities. Also, learn about vulnerabilities in IoT...