Lucene search
+L

50 matches found

CNNVD
CNNVD
added 2021/04/26 12:0 a.m.3 views

tyk-identity-broker 授权问题漏洞

tyk-identity-broker is a software application. A service level component is provided that enables authorization of authorized identities and provides authenticated access to various Tyk-supported components such as the Tyk Dashboard, Tyk Developer Portal, and Tyk Gateway API streams e.g., OAuth...

9.1CVSS8.3AI score0.01011EPSS
Exploits0References6
Veracode
Veracode
added 2021/03/16 1:23 a.m.18 views

Arbitrary File Delete

github.com/tyktechnologies/tyk is vulnerable to arbitrary file delete. The vulnerability exists through the handleAddOrUpdateApi function in api.go where json files outside of the application can be deleted if the file path is specified in the request...

5.3CVSS1.5AI score0.00525EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/03/15 5:15 p.m.6 views

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

5.3CVSS5.9AI score0.00525EPSS
Exploits1References2
NVD
NVD
added 2021/03/15 5:15 p.m.17 views

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

5.3CVSS0.00525EPSS
Exploits1References2
Prion
Prion
added 2021/03/15 5:15 p.m.12 views

Directory traversal

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

4.6CVSS5.3AI score0.00525EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/03/15 4:45 p.m.25 views

CVE-2021-23357 Directory Traversal

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

3.3CVSS5.6AI score0.00525EPSS
Exploits1References2
CVE
CVE
added 2021/03/15 4:45 p.m.37 views

CVE-2021-23357

CVE-2021-23357 - Normal mode (concrete details available) Affected software: github.com/TykTechnologies/tyk/gateway (Tyk Gateway) with the vulnerability reported across multiple feeds. Vulnerability and root cause: Directory Traversal via the handleAddOrUpdateApi function. The APIID supplied by t...

5.3CVSS4.6AI score0.00525EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/03/15 4:40 p.m.3 views

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

5.3CVSS5.6AI score0.00525EPSS
Exploits1References3
Snyk
Snyk
added 2020/11/19 3:6 p.m.3 views

Directory Traversal

Overview github.com/TykTechnologies/tyk/gateway is a Tyk Gateway API Affected versions of this package are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The API...

5.3CVSS6.8AI score0.00525EPSS
Exploits1References2
Veracode
Veracode
added 2017/05/03 6:19 a.m.11 views

Brute Force Attacks

github.com/tyktechnologies/tyk is vulnerable to brute force attacks. The library does not have any timeout configured, allowing a malicious user to have numerous retries to brute force the password for an account...

6.8AI score
Exploits0
Rows per page
Query Builder