5 matches found
PT-2024-12955 · Unknown · Woocommerce Support System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support System versions 1.2.0 through 1.2.2 Description: A Cross-Site Request Forgery CSRF issue affects the WooCommerce Support System, allowing unauthorized actions. Users are advised to update to the latest version to mitigate...
UBUNTU-CVE-2024-22258
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
Spring Authorization Server Security Vulnerability
VMware Spring Authorization Server is a framework for building secure OAuth 2.0 and OpenID Connect 1.0 authorization servers from VMware. A security vulnerability exists in Spring Authorization Server that stems from the vulnerability of an application to a PKCE downgrade attack when the PKCE...
org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.examples:springWebapp (>=1.2.0 <=1.2.2) +3 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...
org.apache.cxf.fediz.examples:spring2Webapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (>=1.2.0 <=1.2.2) +1 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring2 (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...