2 matches found
GHSA-74VM-8FRP-7W68 EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)
Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...
Ruby Net::LDAP gem SSL Certificate Validation Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto.Net::LDAP aka net-ldap gem is one of the lightweight directory access modules. A security vulnerability exists in the Ruby Net::LDAP gem prior to version...