Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to the improper origin validation in the cross-origin redirect handling. An attacker can obtain sensitive credential headers by crafting cross-port...

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authentication middleware in the smPolicyGroup route group, which allows unauthenticated requests to access sensitive endpoints. An attacker can gain unauthorized access to subscriber information,...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper isolation of the SecurityContext. When an authenticated user experiences an authorization failure, their security context is not properly cleared from the underlying gRPC worker...

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via a mismatch in path normalization between components. An attacker can gain unauthorized access to restricted resources or perform actions without proper authentication by crafting requests with specially...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the cross-domain redirects that do not strip custom authentication headers such as X-API-Key, X-Auth-Token, Api-Key, Token. An attacker can obtain sensitive...

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /loadIG endpoint, which accepts user-supplied URLs and makes server-side HTTP requests without proper validation of hostnames, schemes, or domains. An attacker can probe internal network services...

Reliance on Untrusted Inputs in a Security Decision

Overview Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through spoofed headers in the Rate-Limit process. An attacker can circumvent request throttling by manipulating HTTP headers to appear as different users or clients, potentially...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the E2E Metadata Parser API endpoint, which processes unbounded request bodies without size restrictions. An authenticated user can cause the server to run out of memory and disru...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the KillAction and RestartAction API handlers when a log entry is created with a nil binding through StartActionByGet using an invalid action ID. An attacker can cause repeated server-side panics and disrupt...

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to injecting custom domains into the password reset link sent to users...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in which maps from multiple components may be accessed without synchronization. When under heavy concurrent activity, either spontaneous or attacker-generated, the process can be caused to panic and crash with fatal error...