4 matches found
GHSA-P4F6-H8JJ-VFVF Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references. Original Description: A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scrip...
EUVD-2018-2372
Malware in sbrugna...
GHSA-528Q-4PGM-WVG2 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description: The go-httpbin framework is vulnerable to XSS because the user can control the response Content-Type through a GET parameter. This allows an attacker to execute cross-site scripts in the victim's browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...
SUSE CVE-2017-11468
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint...