4 matches found
DataChain ไปฃ็ ้ฎ้ขๆผๆด
DataChain is a version control software from Iterative open source. A code issue vulnerability exists in DataChain 0.34.1 and prior versions, which stems from failure to validate data when reading serialized objects from environment variables, which could lead to code execution...
Design/Logic Flaw
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using strings.ToLower while they should have been compared wi...
PYSEC-2020-224
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...
Code injection
shared/inc/sql/lists.php in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options...