5 matches found
OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths
Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...
GHSA-83X9-VC3C-HGHC OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths
Description A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...
User Impersonation
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to User Impersonation via the access request system. An attacker can obtain elevated privileges and impersonate trusted devices by submitting misleading descriptions,...
Arbitrary Code Injection
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the appstore.js REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator...
Arbitrary Code Execution
Overview MongoDB.Driver is an Official .NET driver for MongoDB. Affected versions of this package are vulnerable to Arbitrary Code Execution via ObjectSerializer when deserializing a compromised object. Exploiting this vulnerability allows a privileged user to cause arbitrary code execution, whic...