4 matches found
PT-2026-52909
Name of the Vulnerable Software and Affected Versions RustFS version 1.0.0-beta.4 Description Authenticated users with PutObject permission on their own bucket can exploit a path traversal issue in the Snowball auto-extract feature to write arbitrary objects into buckets belonging to other users,...
keycloak: Keycloak: Information disclosure due to redirect_uri validation bypass
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
EUVD-2015-5556
Malware in sbrugna...
Internet Bug Bounty: Improper handling of wildcards in --allow-fs-read and --allow-fs-write
The Node.js Permission Model was found to have improper handling of wildcards in the --allow-fs-read and --allow-fs-write options. The implementation silently ignored any text after a wildcard character, potentially granting unintended file system access. Additionally, when the wildcard character...