229 matches found
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Impact: It is possible to put the same line item multiple times in the cart using the API. The Cart Validators checked the line item's individuality and the user was able to skip the clearance sale in cart. Patches: The problem has been fixed with 6.4.18.1. Workarounds: For older versions of 6.1, 6.2, and...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions it was possible to put the same line item multiple times in the cart using the API. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in...
CVE-2023-22730 Improper Input Validation of Clearance sale in cart
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions it was possible to put the same line item multiple times in the cart using the API. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in...
CVE-2023-22730 Improper Input Validation of Clearance sale in cart
Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions it was possible to put the same line item multiple times in the cart using the API. The Cart Validators checked the line item's individuality and the user was able to bypass quantity limits in...
GHSA-QV66-F876-VJVR skeemas Inefficient Regular Expression Complexity vulnerability
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is...
skeemas Inefficient Regular Expression Complexity vulnerability
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is...
CVE-2018-25074
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named...
Design/Logic Flaw
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named...
CVE-2018-25074
Prestaul skeemas is affected by a Regular Expression Denial of Service (ReDoS) due to inefficient regex handling in validators/base.js when processing the uri argument. Root cause is an under-optimized manipulation of the uri that increases regex complexity. A patch, named 65e94eda62dc8dc148ab3e5...
PT-2023-10815 · Unknown · Prestaul Skeemas
Name of the Vulnerable Software and Affected Versions: Prestaul skeemas affected versions not specified Description: A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the...
The Frax ETH liquid staking protocol WRONGLY assumes that the users can convert their sfrxETH for more frxETH over time
Lines of code Vulnerability details Impact: The Frax ETH liquid staking protocol WRONGLY assumes that the users can convert their sfrxETH for more frxETH over time. But because of any untoward incident, if the validators' stake gets slashed, then this assumption will be wrong and can cause severe...
[SECURITY] Fedora 36 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-7.fc36
Protoc plugin to generate polyglot message validators...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-6.fc36
Protoc plugin to generate polyglot message validators...
Malicious code in prop-validators (npm)
Source: ghsa-malware 208823f77227ee7ce0ddb2250eff9a0f1c0b1c93919dc9c90b7c03e52a669696 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Missing check in the updateValset function
Lines of code Vulnerability details Impact: The updateValset function doesn't check that the sum of the powers of the new validators in the new valset is greater than the threshold, which can lead to unwanted behavior. There are 2 main problems that can occur in that situation: 1. The sum of the new...
it's possible that validators don't have enough power
Lines of code Vulnerability details: newValset parameter in updateValset can have validators that don't have enough power combined for passing the threshold. Recommended mitigation steps: check that the validators' power combined is bigger than the threshold
Rugpull vector: a single admin address can withdraw all funds
Lines of code Vulnerability details Impact: Someone with access to admin keys could rug pull all funds. Proof of Concept: The gravity.sol contract should work as an escrow to mint equivalent tokens in the cosmos chain. This is maintained by a system of validators. The possible decentralization of th...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc36
Protoc plugin to generate polyglot message validators...