Lucene search
+L

34 matches found

ptsecurity
ptsecurity
added 2025/01/23 12:0 a.m.6 views

PT-2025-6115 · Lemmy +1 · Lemmy +1

Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.19.8 and prior activitypub federation versions 0.6.2 and prior Description: The vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request...

4CVSS7.3AI score0.00406EPSS
Exploits0References12
osv
osv
added 2025/01/21 7:58 p.m.5 views

GHSA-C59P-WQ67-24WX Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify

Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...

5.4CVSS5.7AI score0.00572EPSS
Exploits0References6
github
github
added 2025/01/21 7:58 p.m.22 views

Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify

Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...

5.4CVSS7.1AI score0.00572EPSS
Exploits0References6Affected Software1
vulnrichment
vulnrichment
added 2025/01/20 4:49 p.m.6 views

CVE-2025-23221 Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...

5.4CVSS5.4AI score0.00572EPSS
Exploits0References4
cve
cve
added 2025/01/20 4:49 p.m.69 views

CVE-2025-23221

Summary: CVE-2025-23221 affects Fedify’s Webfinger handling, enabling an attacker to abuse lookupWebFinger to trigger an endless redirect loop and potential Blind SSRF, leading to Denial of Service. Multiple sources (Red Hat, NVD/NVD-like entries, OSV, GHSA advisories, Veracode) describe the issu...

5.4CVSS5.5AI score0.00572EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/01/20 12:0 a.m.4 views

Fedify 安全漏洞

Fedify is a TypeScript library by the individual developer Hong Minhee. It is used to build federated server applications supported by ActivityPub and other standards. A security vulnerability exists in Fedify that originates from a denial of service that allows a user to manipulate the Webfinger...

5.4CVSS6.4AI score0.00572EPSS
Exploits0References5
hackerone
hackerone
added 2021/07/27 9:42 a.m.78 views

U.S. Dept Of Defense: [CVE-2021-29156] LDAP Injection at https://██████

Description: https://█████ is vulnerable to CVE-2021-29156 References https://hackerone.com/reports/1278050 https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

5CVSS7.8AI score0.76385EPSS
Exploits5
hackerone
hackerone
added 2021/07/26 2:28 p.m.101 views

U.S. Dept Of Defense: [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

Description: https://████████ is vulnerable to CVE-2021-29156. References https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

5CVSS0.8AI score0.76385EPSS
Exploits5
nvd
nvd
added 2021/03/25 9:15 a.m.16 views

CVE-2021-29156

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

7.5CVSS0.76385EPSS
Exploits5References2
osv
osv
added 2021/03/25 9:15 a.m.4 views

CVE-2021-29156

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

7.5CVSS7.1AI score0.76385EPSS
Exploits5References2
prion
prion
added 2021/03/25 9:15 a.m.18 views

Code injection

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

5CVSS7.8AI score0.76385EPSS
Exploits5References2Affected Software1
cve
cve
added 2021/03/25 8:20 a.m.104 views

CVE-2021-29156

CVE-2021-29156 affects ForgeRock OpenAM (before 13.5.1). An LDAP injection vulnerability via the Webfinger protocol (and password-reset flow) allows unauthenticated attackers to perform character-by-character data extraction, potentially retrieving password hashes, session tokens, or a private ke...

7.5CVSS7.7AI score0.76385EPSS
Exploits5References2Affected Software1
cvelist
cvelist
added 2021/03/25 8:20 a.m.39 views

CVE-2021-29156

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

8.1AI score0.76385EPSS
Exploits5References2
ptsecurity
ptsecurity
added 2021/03/25 12:0 a.m.14 views

PT-2021-18117 · Forgerock · Forgerock Openam

Name of the Vulnerable Software and Affected Versions: ForgeRock OpenAM versions prior to 13.5.1 Description: The issue allows LDAP injection via the Webfinger protocol. An unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a...

7.5CVSS7.7AI score0.76385EPSS
Exploits5References10
Rows per page
Query Builder