25 matches found
EUVD-2023-0966
Malicious code in bioql PyPI...
EUVD-2023-1062
Malicious code in bioql PyPI...
CVE-2023-26047
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
CVE-2023-26046
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26047
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
Cross site scripting
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
CVE-2023-26047
CVE-2023-26047 affects the Go HTTP middleware teler-waf (pre-0.2.0). The issue is a bypass vulnerability where a specific case-sensitive hex-entities payload containing CR/LF and horizontal tab can bypass web-attack rules, enabling an attacker to inject and execute arbitrary JavaScript in victims...
CVE-2023-26047 teler-waf contains detection rule bypass via entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
CVE-2023-26047 teler-waf contains detection rule bypass via entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
CVE-2023-26047 teler-waf contains detection rule bypass via entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
teler-waf 安全漏洞
teler-waf is a Go HTTP middleware that provides teler IDS functionality to prevent Web-based attacks and improve the security of Go-based Web applications. It is highly configurable and easy to integrate into existing Go applications. A security vulnerability exists in teler-waf versions prior to...
CVE-2023-26046
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
Cross site scripting
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
GO-2023-1597 Cross site scripting in github.com/kitabisa/teler-waf
Improper sanitization and filtering of HTML entities in user input can lead to cross-site scripting XSS attacks where arbitrary JavaScript code is executed in the browser...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046
CVE-2023-26046 affects kitabisa/teler-waf (Go HTTP middleware). Prior to v0.1.1, it fails to properly sanitize HTML entities in user input, enabling bypass of common web attack rules and enabling cross-site scripting (XSS) in a victim’s browser. Impact described across multiple sources includes a...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
GHSA-P2PF-G8CQ-3GQ5 teler-waf contains detection rule bypass via Entities payload
Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab...
teler-waf contains detection rule bypass via Entities payload
Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab...