34 matches found
PT-2025-6115 · Lemmy +1 · Lemmy +1
Name of the Vulnerable Software and Affected Versions: Lemmy versions 0.19.8 and prior activitypub federation versions 0.6.2 and prior Description: The vulnerability allows a user to bypass any predefined hardcoded URL path or security anti-Localhost mechanism and perform an arbitrary GET request...
GHSA-C59P-WQ67-24WX Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...
Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify
Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover,...
CVE-2025-23221 Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security...
CVE-2025-23221
Summary: CVE-2025-23221 affects Fedify’s Webfinger handling, enabling an attacker to abuse lookupWebFinger to trigger an endless redirect loop and potential Blind SSRF, leading to Denial of Service. Multiple sources (Red Hat, NVD/NVD-like entries, OSV, GHSA advisories, Veracode) describe the issu...
Fedify 安全漏洞
Fedify is a TypeScript library by the individual developer Hong Minhee. It is used to build federated server applications supported by ActivityPub and other standards. A security vulnerability exists in Fedify that originates from a denial of service that allows a user to manipulate the Webfinger...
U.S. Dept Of Defense: [CVE-2021-29156] LDAP Injection at https://██████
Description: https://█████ is vulnerable to CVE-2021-29156 References https://hackerone.com/reports/1278050 https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...
U.S. Dept Of Defense: [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!
Description: https://████████ is vulnerable to CVE-2021-29156. References https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...
CVE-2021-29156
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...
CVE-2021-29156
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...
Code injection
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...
CVE-2021-29156
CVE-2021-29156 affects ForgeRock OpenAM (before 13.5.1). An LDAP injection vulnerability via the Webfinger protocol (and password-reset flow) allows unauthenticated attackers to perform character-by-character data extraction, potentially retrieving password hashes, session tokens, or a private ke...
CVE-2021-29156
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...
PT-2021-18117 · Forgerock · Forgerock Openam
Name of the Vulnerable Software and Affected Versions: ForgeRock OpenAM versions prior to 13.5.1 Description: The issue allows LDAP injection via the Webfinger protocol. An unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a...