1738 matches found

OSV
added 2022/05/14 1:18 a.m. · 31 views

GHSA-845H-985R-JRQH Improper Authentication in Hibernate Validator

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 · AI score 6.1 · EPSS 0.02913
Exploits 0 · References 18
OSV
added 2022/05/13 1:25 a.m. · 2 views

GHSA-5GGR-MPGW-3MGX Improper Input Validation in Apache Struts

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

CVSS 8.2 · AI score 7.1 · EPSS 0.2593
Exploits 0 · References 19
Github Security Blog
added 2022/05/13 1:25 a.m. · 44 views

Improper Input Validation in Apache Struts

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

CVSS 8.2 · AI score 5.7 · EPSS 0.2593
Exploits 0 · References 19 · Affected Software 2
Code423n4
added 2022/05/09 12:00 a.m. · 13 views

Voting power of new validators not checked in updateValset function, Gravity.sol

Lines of code: Gravity.sol L276-L358. Vulnerability details. Impact: While the voting power of the current valset is checked when the checkValidatorSignatures function is called in updateValset, the power of the new valset is not. This could cause some functions to not work since whenever...

AI score 6.8
Exploits 0
Code423n4
added 2022/05/09 12:00 a.m. · 12 views

updateValset() Insufficient validation of new validator set may brick the contract

Lines of code. Vulnerability details: In Gravity.sol updateValset, while the signatures of the current validators are verified and >= powerThreshold is checked, there is one important validation that should be done: check the cumulative power of the new validator set to ensure the contract has sufficient...

AI score 7.1
Exploits 0
Github Security Blog
added 2022/05/05 12:28 a.m. · 20 views

Symfony collectionCascaded and collectionCascadedDeeply fields security bypass

When using the Validator component, if Symfony\Component\Validator\Mapping\Cache\ApcCache is enabled or any other cache implementing Symfony\Component\Validator\Mapping\Cache\CacheInterface, some information is lost during serialization: the collectionCascaded and the...

CVSS 8.1 · AI score 6.6 · EPSS 0.01445
Exploits 0 · References 11 · Affected Software 2
OSV
added 2022/05/05 12:28 a.m. · 16 views

GHSA-Q8J7-FJH7-25V5 Symfony collectionCascaded and collectionCascadedDeeply fields security bypass

When using the Validator component, if Symfony\Component\Validator\Mapping\Cache\ApcCache is enabled or any other cache implementing Symfony\Component\Validator\Mapping\Cache\CacheInterface, some information is lost during serialization: the collectionCascaded and the...

CVSS 8.1 · AI score 7.8 · EPSS 0.01445
Exploits 0 · References 11
OSV
added 2022/04/25 8:15 p.m. · 3 views

DEBIAN-CVE-2022-23457

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 9.8 · AI score 6.5 · EPSS 0.02674
Exploits 2 · References 1
NVD
added 2022/04/25 8:15 p.m. · 20 views

CVE-2022-23457

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 9.8 · EPSS 0.02674
Exploits 2 · References 6
UbuntuCve
added 2022/04/25 8:15 p.m. · 43 views

CVE-2022-23457

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 9.8 · AI score 6.8 · EPSS 0.02674
Exploits 2 · References 5
CNNVD
added 2022/04/25 12:00 a.m. · 21 views

OWASP ESAPI Path Traversal Vulnerability

OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. A path traversal vulnerability exists in ESAPI versions prior to 2.3.0.0, which stems from the default implementation of...

CVSS 9.8 · AI score 7.2 · EPSS 0.02674
Exploits 2 · References 11
Cvelist
added 2022/04/25 12:00 a.m. · 41 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5 · AI score 9.6 · EPSS 0.02674
Exploits 2 · References 5
Vulnrichment
added 2022/04/25 12:00 a.m. · 12 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5 · AI score 9.5 · EPSS 0.02674
Exploits 2 · References 5
Positive Technologies
added 2022/04/25 12:00 a.m. · 7 views

PT-2022-3553

Name of the Vulnerable Software and Affected Versions: ESAPI versions prior to 2.3.0.0. Description: The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified parent directory. This potentially...

CVSS 9.8 · AI score 6.6 · EPSS 0.02674
Exploits 4 · References 26
OSV
added 2022/04/25 12:00 a.m. · 35 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5 · AI score 7.1 · EPSS 0.02674
Exploits 2 · References 8
OSV
added 2022/04/11 12:29 p.m. · 6 views

USN-5373-2 python-django vulnerabilities

USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra...

CVSS 9.8 · AI score 6.8 · EPSS 0.18398
Exploits 3 · References 3
OSV
added 2022/04/11 11:36 a.m. · 2 views

USN-5373-1 python-django vulnerabilities

It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that Django incorrectly handled certain...

CVSS 9.8 · AI score 6.8 · EPSS 0.18398
Exploits 3 · References 4
CNVD
added 2022/04/01 12:00 a.m. · 14 views

Frourio input validation error vulnerability

Frourio is a fast and type-safe full-stack framework for TypeScript. frourio is vulnerable to an input validation error, which stems from the failure of the validator in the product validators/ directory to validate input data, and could be exploited to cause the validator to not work properly fo...

CVSS 8.8 · AI score 2 · EPSS 0.01225
Exploits 0 · References 1
Prion
added 2022/03/30 7:15 a.m. · 17 views

Design/Logic Flaw

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights...

CVSS 7.5 · AI score 9.4 · EPSS 0.01427
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2022/03/30 12:00 a.m. · 2 views

PT-2022-18875 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37.1. Description: An issue was discovered in the ImportPlanValidator.php file of the FileImporter extension, where it mishandles the check for edit rights. Recommendations: For MediaWiki versions through 1.37.1,...

CVSS 9.8 · AI score 6 · EPSS 0.01427
Exploits 5 · References 21