EUVD-2020-26490
Malware in sbrugna...
CVE-2020-5304
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
WhiteSource CureKit Path Traversal Vulnerability
WhiteSource CureKit is a security library for the WhiteSource Cure self-healing products from WhiteSource Japan. A security vulnerability exists in WhiteSource CureKit versions 1.0.1 through 1.0.3. It stems from isFileOutsideDir failing to properly sanitize user input, which could result in path...
Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches
Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I'm using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presente...
org.jenkins-ci.plugins:whitesource (>=20.1.2 <=21.1.2) potentially affected by CVE-2020-2252 via org.jenkins-ci.plugins:mailer (=1.32)
org.jenkins-ci.plugins:mailer MAVEN version =1.32 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:mailer and may be impacted: - org.jenkins-ci.plugins:whitesource >=20.1.2, <=21.1.2 Source cves: CVE-2020-2252 Source advisory:...
WordPress Admin Columns plugin <= 4.2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Daniel Elkabes (WhiteSource) in WordPress Admin Columns plugin versions <= 4.2.7. Solution: Update the WordPress Admin Columns plugin to the latest available version (at least 4.3)...
WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WhiteSource in WordPress Pods plugin versions <= 2.7.26. Solution: Update the WordPress Pods plugin to the latest available version (at least 2.7.27)...
Prototype Pollution
Overview Prototype pollution vulnerability in set-or-get version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. Recommendation Upgrade to version 1.2.11 or later References - CVE - WhiteSource Advisory...
Prototype Override
Overview Affected versions of querystringify are vulnerable to Prototype Override. If a malicious string is inserted in the query string, it will set the toString method of the parsed object to the boolean true. Recommendation Upgrade to version 2.0.0 or later References - WhiteSource Advisory - Snyk...
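The two entries above (set-or-get and querystringify) are the same root cause seen from two sides: key names taken from untrusted input are used as property names on a plain object. The block below is an added example and is not code from either package; the helper names, the dotted-path syntax and the sample inputs are assumptions. It shows a deep "set by path" helper that pollutes Object.prototype through a "__proto__" segment, a flat query-string parser whose output gets a non-function toString shadowing the inherited one, and the guarded versions of both.

```javascript
// Added example; not code from set-or-get or querystringify.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable: walks or creates a nested object for every path segment.
// A "__proto__" segment walks into Object.prototype, so the final
// assignment lands on every object in the process.
function setPathUnsafe(target, dottedPath, value) {
  const keys = dottedPath.split(".");
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (cur[k] === null || typeof cur[k] !== "object") cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Guarded: refuse prototype-reaching segments outright and only descend
// into own properties, so an inherited (possibly already polluted) value
// is never walked.
function setPathSafe(target, dottedPath, value) {
  const keys = dottedPath.split(".");
  for (const k of keys) {
    if (BLOCKED_KEYS.has(k)) throw new Error("refusing prototype key in path: " + dottedPath);
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || cur[k] === null || typeof cur[k] !== "object") cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

function splitPairs(qs) {
  return qs.replace(/^\?/, "").split("&").filter(Boolean).map((pair) => {
    const idx = pair.indexOf("=");
    const key = decodeURIComponent(idx < 0 ? pair : pair.slice(0, idx));
    const val = idx < 0 ? "" : decodeURIComponent(pair.slice(idx + 1));
    return [key, val];
  });
}

// Vulnerable: "?toString=true" gives the result an own property toString
// that is a string, so String(result) or result.toString() now throws.
function parseQueryUnsafe(qs) {
  const out = {};
  for (const [k, v] of splitPairs(qs)) out[k] = v;
  return out;
}

// Guarded: skip any key that would shadow something inherited from
// Object.prototype, in addition to the prototype-reaching names.
function parseQuerySafe(qs) {
  const out = {};
  for (const [k, v] of splitPairs(qs)) {
    if (BLOCKED_KEYS.has(k) || k in Object.prototype) continue;
    out[k] = v;
  }
  return out;
}

// Runs each case and returns what was observed; cleans up the global
// pollution it deliberately causes so nothing leaks past this call.
function demo() {
  const r = {};
  setPathUnsafe({}, "__proto__.polluted", "yes");
  r.unsafePolluted = ({}).polluted === "yes";
  delete Object.prototype.polluted;
  r.safeRejects = false;
  try { setPathSafe({}, "__proto__.polluted", "yes"); } catch (e) { r.safeRejects = true; }
  const u = parseQueryUnsafe("?toString=true&a=1");
  r.unsafeShadowsToString = typeof u.toString === "string";
  r.unsafeStringifyThrows = false;
  try { String(u); } catch (e) { r.unsafeStringifyThrows = true; }
  const s = parseQuerySafe("?toString=true&a=1");
  r.safeKeepsToString = typeof s.toString === "function" && s.a === "1" && String(s) === "[object Object]";
  return r;
}

module.exports = { setPathUnsafe, setPathSafe, parseQueryUnsafe, parseQuerySafe, demo };
```

Blocking the three names is necessary but not sufficient for a parser: "toString", "hasOwnProperty" and friends are ordinary own-property writes, yet they break any downstream code that calls those methods on the result, which is the failure mode the querystringify entry describes. Returning a Map, or an Object.create(null) object consumed only through known keys, is the other common fix.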
Regular Expression Denial of Service
Overview Affected versions of nwmatcher are vulnerable to Regular Expression Denial of Service (ReDoS). Input about 2,000 characters long can take roughly 10 seconds to match. Recommendation Upgrade to version 1.4.4 or later References - WhiteSource Advisory - Snyk Advisory - GitHub...
WhiteSource Software Application Vulnerability Management Injection Vulnerability
WhiteSource Software Application Vulnerability Management (AVM) is an application vulnerability management platform from WhiteSource Software. It is mainly used to view and synchronize the review of results from static application security testing (SAST), dynamic application security...
Code injection
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
CVE-2020-5304
CVE-2020-5304 affects WhiteSource Application Vulnerability Management (AVM) prior to version 20.4.1. The vulnerability allows log injection by sending a %0A%0D substring in the idp parameter to the /saml/login URI, which can close the current log and create a new log line with attacker-controlle...
WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code,...