LinkedIn: Session Cookie Leakage via Static Header Field in WebViewerFragment

A vulnerability was identified in the "WebViewerFragment" that could lead to the leakage of the user's cookies. The root cause was a static field "CUSTOMHEADERS" that persisted cookies across different URL loads, allowing an attacker to steal the victim's session cookies. The vulnerability was...

PT-2024-28616 · Hibernate · Hibernate

Name of the Vulnerable Software and Affected Versions: NHibernate versions prior to 5.4.9 NHibernate versions prior to 5.5.2 Description: A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. This vulnerability affects callers of these methods, including...