16 matches found
CVE-2026-5078
A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...
CVE-2026-5078
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
UBUNTU-CVE-2026-5078
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
Commons-BeanUtils: Arbitary Code Execution
Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...
TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734
Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons.
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was add...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons ( CVE-2025-48734).
Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons CVE-2025-48734. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...
Linux Distros Unpatched Vulnerability : CVE-2025-48734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from...
OESA-2025-1715 apache-commons-beanutils security update
The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight. Security Fixes: A vulnerability, which was classified as...
Important: apache-commons-beanutils
Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...
Integer Overflow to Buffer Overflow
Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow in the UTF32Encoding::convert and UTF32Encoding::queryConvert methods. Remediation Upgrade poco to version 1.11.0 or higher. References - GitHub Commit - GitHub Commit - GitHub Diff - GitHub Issue -...
DEBIAN-CVE-2023-22602
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...
PT-2022-7286
Name of the Vulnerable Software and Affected Versions git versions prior to 1.11.0 Description The issue is related to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that...
Command Injection
Overview git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, t...
CVE-2021-39220
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...