1738 matches found
CVE-2022-24912
The vulnerability is in github.com/runatlantis/atlantis/server/controllers/events (pre-0.19.7) where webhook secret validation uses a non-constant-time comparison, enabling timing attacks to recover the secret and forge webhook events. This aligns with CVE-2022-24912 and related advisories. Impac...
CVE-2022-24912 Timing Attack
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to a timing attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...
CVE-2022-24912
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to a timing attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...
Fedora: Security Advisory for golang-github-mattermost-xml-roundtrip-validator (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Popular NFT Marketplace Phished for $540M
Axie Infinity, a popular destination for 3 million traders of in-game collectible non-fungible tokens, reportedly lost $540M in cryptocurrency in a recruiting-themed spear phishing attack. The perpetrators of the crime are believed to be an advanced persistent threat group with ties to North...
Fake job offer leads to $600 million theft
Back in March, popular NFT battler Axie Infinity lay at the heart of a huge cryptocurrency theft inflicted on the Ronin network. From the Ronin newsletter: There has been a security breach on the Ronin Network. Earlier today, we discovered that on March 23rd, Sky Mavis’s Ronin validator nodes and...
django: Denial-of-service possibility in UserAttributeSimilarityValidator
A resource-consumption flaw was found in django's UserAttributeSimilarityValidator, where it incurred significant overhead evaluating any submitted password that was artificially large relative to comparison values. A network attacker could exploit this flaw to cause a denial of service...
Security Bulletin: Due to use of Hibernate Validator version 6.1.2.Final IBM Tivoli Network Manager is vulnerable which allows attackers to bypass input sanitation (escaping, stripping) controls (CVE-2020-10693, CVE-2019-10219).
Summary: A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put i...
scniro-validator denial of service vulnerability
scniro-validator is a small, dependency-free email validator. scniro-validator version v1.0.1 contains a denial of service vulnerability that stems from a failure to properly handle crafted invalid emails when validating them, which could be exploited by an attacker to cause a denial of service o...
Regular Expression Denial Of Service (ReDoS)
scniro-validator is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of input validation which allows an attacker to crash the system via maliciously crafted email...
CVE-2021-40901
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails...
Denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails...
CVE-2021-40901
CVE-2021-40901 affects scniro-validator v1.0.1 and is described as a Regular Expression Denial of Service (ReDoS) vulnerability triggered when validating crafted invalid emails. The root cause is a faulty/overly backtracking-prone regex in the email validation path, which can cause high CPU usage...
scniro-validator security vulnerability
scniro-validator is a small, dependency-free email validator. scniro-validator version v1.0.1 contains a denial of service vulnerability that stems from a failure to properly handle crafted invalid emails when validating them, which could be exploited by an attacker to cause a denial of service o...
that-value security vulnerability
that-value is a multilingual platform validator package by the individual developer Paweł Stefański, Poland. A Regular Expression Denial of Service (ReDoS) vulnerability exists in that-value version v0.1.3, which can be exploited by an attacker to cause a denial of service when validating a crafted...
PT-2022-11329 · Unknown · Scniro-Validator
Name of the Vulnerable Software and Affected Versions: scniro-validator version 1.0.1. Description: A Regular Expression Denial of Service (ReDoS) issue was found in the validation of crafted invalid emails. Recommendations: For scniro-validator version 1.0.1, consider updating to a newer version th...
Malicious code in skip-reason-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a30343b31f58eb174f1fed869a1b744f9f733741eb22676357e09395c169212 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6150 Malicious code in skip-reason-validator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a30343b31f58eb174f1fed869a1b744f9f733741eb22676357e09395c169212 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...