4 matches found
Open Redirect
Overview @workos/authkit-session is a Framework-agnostic authentication library for WorkOS with pluggable storage adapters Affected versions of this package are vulnerable to Open Redirect via the handleCallback function when processing the returnPathname value derived from the OAuth state...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on attacker-controlled counts and lengths in the SPDY/3 frame parser. An attacker can exhaust process memory and cause an out-of-memory crash by sending ...
Arbitrary Command Injection
Overview @cdklabs/cdk-proserve-lib is an AWS CDK library containing constructs, aspects, and patterns. Affected versions of this package are vulnerable to Arbitrary Command Injection due to forgetting to export the new Aspect. An attacker can compromise insecure resource policy settings,...
Race Condition
Overview ophyd-async is an Asynchronous Bluesky hardware abstraction code, compatible with control systems like EPICS and Tango Affected versions of this package are vulnerable to Race Condition when setting one signal and monitoring another. This issue could lead to missed signal changes or...