50 matches found
tyk-identity-broker 授权问题漏洞
tyk-identity-broker is a software application. A service level component is provided that enables authorization of authorized identities and provides authenticated access to various Tyk-supported components such as the Tyk Dashboard, Tyk Developer Portal, and Tyk Gateway API streams e.g., OAuth...
Arbitrary File Delete
github.com/tyktechnologies/tyk is vulnerable to arbitrary file delete. The vulnerability exists through the handleAddOrUpdateApi function in api.go where json files outside of the application can be deleted if the file path is specified in the request...
CVE-2021-23357
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...
CVE-2021-23357
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...
Directory traversal
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...
CVE-2021-23357 Directory Traversal
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...
CVE-2021-23357
CVE-2021-23357 - Normal mode (concrete details available) Affected software: github.com/TykTechnologies/tyk/gateway (Tyk Gateway) with the vulnerability reported across multiple feeds. Vulnerability and root cause: Directory Traversal via the handleAddOrUpdateApi function. The APIID supplied by t...
CVE-2021-23357
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...
Directory Traversal
Overview github.com/TykTechnologies/tyk/gateway is a Tyk Gateway API Affected versions of this package are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The API...
Brute Force Attacks
github.com/tyktechnologies/tyk is vulnerable to brute force attacks. The library does not have any timeout configured, allowing a malicious user to have numerous retries to brute force the password for an account...