6 matches found
@hapi/inert has a static-file confinement bypass via sibling-prefix path
Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...
CVE-2025-66675
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...
CVE-2025-66675
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
PT-2022-22378 · Couchbase · Couchbase Server
Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.1.x before 7.1.1 Description: The issue concerns the potential leakage of an encrypted Private Key passphrase in the logs. Recommendations: For Couchbase Server versions 7.1.x before 7.1.1, update to version 7.1.1 ...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialize function in the JSONSerializer class. An attacker can execute arbitrary code by sending a crafted JSON payload to the affected system. Details Serialization is a process of convertin...