11 matches found
Server-side Request Forgery (SSRF)
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request process. An attacker can gain unauthorized read access to internal resources by tricking a user into visiting a maliciously...
Denial of Service (DoS)
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the handling of system resources. An attacker can cause the application to become unresponsive by sending specially crafted requests that...
Out-of-bounds Read
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Out-of-bounds Read in the input validation process. An attacker can gain unauthorized write access by tricking a user with high privileges into visiting a maliciously craft...
Dependency on Vulnerable Third-Party Component
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Dependency on Vulnerable Third-Party Component through the use of a vulnerable third-party component. An attacker can cause the application to crash by sending specially...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization that enables a bypass of security features. Remediation Upgrade magento/community-edition to version 2.4.6-p14, 2.4.7-p9, 2.4.8-p4, 2.4.9-beta1 or...
HTTP Response Splitting
Overview blacksheep is a Fast web framework for Python asyncio Affected versions of this package are vulnerable to HTTP Response Splitting via the Client implementation. An attacker can manipulate HTTP requests or inject additional headers by supplying specially input containing carriage return a...
BlackSheep's ClientSession is vulnerable to CRLF injection
Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...
GHSA-6PW3-H7XF-X4GP BlackSheep's ClientSession is vulnerable to CRLF injection
Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...
Improper Input Validation
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation through the PHP filter chain. An attacker with administrative privileges can read files from the system outside of the intended directories and...
PT-2022-23122 · Unknown · Hyperledger Fabric
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions prior to 2.4.6 Description: Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request t...