11 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via authoritative subdomain cookie overwrite. An attacker controlling a subdomain under the parent domain can set cookies scoped to the...
CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement f...
Cookie Tossing
github.com/gitpod-io/gitpod is vulnerable to Cookie Tossing. The vulnerability is due to a missing Host- prefix on the gitpodiojwt2 session cookie, allowing an adversary who controls a subdomain to set the value of the cookie on the Gitpod control plane...
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2024-21583
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2024-21583
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2024-21583
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2024-21583
CWE/CVE: CVE-2024-21583 affects Gitpod components and protocol (e.g., components/server/go/pkg/lib, components/ws-proxy/pkg/proxy, installer/auth/public-api-server/server, and @gitpod/gitpod-protocol; before main-gha.27122) with a Cookie Tossing flaw due to a missing __Host- prefix on the gitpod_...
BIT-CODEIGNITER-2022-35943
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...
CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...