4 matches found
Incorrect Default Permissions
Overview pepr is a Kubernetes application engine Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default configuration of rbacMode being set to "admin" in the RBAC setup process. An attacker can gain broader privileges than necessary by deploying a...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass through the dispatchReadPump function. An attacker can execute arbitrary commands by sending specially crafted websocket requests. PoC echo -e '"type": "command", "content": "id"' |./websocat...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound which allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. Remediation Upgrade sha3 to version 1.0.5 or higher. Reference...
Server-side Request Forgery (SSRF)
Overview ssrf-agent is a prevent SSRF in https request Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar // run a service on your localhost con...