Lucene search
K
GithubMost viewed

33123 matches found

Github Security Blog
Github Security Blog
added 2021/12/09 7:17 p.m.147 views

Denial of Service (DoS) in Jackson Dataformat CBOR

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 2.8.0-rc1 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

7.5CVSS7.5AI score0.03074EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/12/21 4:28 p.m.147 views

Server-Side Forgery Request can be activated unmarshalling with XStream

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...

7.7CVSS8.3AI score0.82238EPSS
Exploits4References15Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.147 views

Memory leak in Tensorflow

Impact If a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/c/eager/dlpack.ccL100-L104 The allocated memory is from...

4.3CVSS1.5AI score0.00684EPSS
Exploits1References9Affected Software3
Github Security Blog
Github Security Blog
added 2023/03/07 6:30 p.m.146 views

Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the...

7.5CVSS6.8AI score0.02134EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/03 11:7 p.m.146 views

Directus vulnerable to Server-Side Request Forgery On File Import

Summary Directus versions =9.22.4 is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls that were implemented to patch vulnerability CVE-2022-23080 by performing a DNS rebinding attack a...

7.5CVSS5.9AI score0.0096EPSS
Exploits2References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/05/15 6:59 p.m.146 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

9.8CVSS8.9AI score0.18671EPSS
Exploits0References26Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/16 12:30 a.m.145 views

Request smuggling leading to endpoint restriction bypass in Gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.5CVSS7.4AI score0.02996EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 9:51 p.m.145 views

XSS Vulnerability in Markdown Editor

Impact InvenTree uses EasyMDE for displaying markdown text in various places e.g. for the various "notes" fields associated with various models. By default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the use...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/22 6:49 p.m.145 views

Renderers can obtain access to random bluetooth device without permission in Electron

Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device...

5CVSS2.8AI score0.00909EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/03 11:33 p.m.145 views

HTTP Response Splitting (Early Hints) in Puma

Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...

6.5CVSS6.6AI score0.01571EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/10 6:31 p.m.144 views

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS9.2AI score0.99945EPSS
Exploits46References15Affected Software2
Github Security Blog
Github Security Blog
added 2023/04/13 9:30 p.m.144 views

Spring Framework vulnerable to denial of service

In Spring Framework versions prior to 5.2.24.release+ , 5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial-of-service DoS condition...

6.5CVSS6.4AI score0.01122EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/07 11:8 p.m.144 views

Improper Handling of Missing Values in kaml

Impact Attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. This only affects applications that use polymorphic serialization with t...

6.5CVSS6.3AI score0.01658EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/16 8:34 p.m.143 views

DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...

7.3CVSS6AI score0.00844EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/14 3:30 p.m.143 views

Jenkins CSRF protection bypass vulnerability

Jenkins provides context menus for various UI elements, like links to jobs and builds, or breadcrumbs. In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided value...

8CVSS6.7AI score0.0086EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/22 11:28 p.m.143 views

XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights

Impact The processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the...

7.5CVSS0.1AI score0.46666EPSS
Exploits1References17Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/31 5:59 p.m.142 views

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors: 1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized. 1. stack overflow -...

6.8CVSS6.3AI score0.01578EPSS
Exploits0References8Affected Software5
Github Security Blog
Github Security Blog
added 2024/09/03 9:59 p.m.142 views

pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt. If you are...

7AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/23 9:30 p.m.141 views

openssl npm package vulnerable to command execution

The openssl aka node-openssl NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field used for command execution. NOTE: This vulnerability only affects products that are no longer supported by t...

9.8CVSS6.9AI score0.01909EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/21 10:41 p.m.141 views

dio vulnerable to CRLF injection with HTTP method string

Impact The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. Patches The vulnerability has been resolved by https://github.com/cfug/dio/commit/927f79e93ba39f3c3a12c190624a55653d577984, and included sinc...

7.5CVSS6.5AI score0.01158EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/20 11:18 p.m.141 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS3.7AI score0.10448EPSS
Exploits0References16Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 3:51 p.m.141 views

elFinder unsafe upload filtering leading to remote code execution

Impact Before elFinder 2.1.58, the upload filter did not disallow the upload of .phar files. As several Linux distributions are now shipping Apache configured in a way it will process these files as PHP scripts, attackers could gain arbitrary code execution on the server hosting the PHP connector...

9.8CVSS0.7AI score0.19083EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/10 5:21 p.m.141 views

Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validateipv4address and...

7.5CVSS7.5AI score0.03058EPSS
Exploits0References12Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/20 4:40 p.m.141 views

Deserialization of Untrusted Data in PyYAML

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...

9.8CVSS3AI score0.05156EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/09 6:49 p.m.141 views

Possible request smuggling in HTTP/2 due missing validation

Impact If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the...

5.9CVSS0.2AI score0.18891EPSS
Exploits0References93Affected Software3
Github Security Blog
Github Security Blog
added 2022/04/17 12:0 a.m.140 views

Withdrawn Advisory: Incorrect Authorization in cross-fetch

Withdrawn Advisory This advisory has been withdrawn because the vulnerability originates from a dependency. For more information, see the Maintainer comments in https://huntr.com/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac. Original Description When fetching a remote url with Cookie if it get...

8.8CVSS7.3AI score0.01153EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/05 12:0 a.m.140 views

Improper Restriction of XML External Entity Reference in Liquibase

The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference...

9.8CVSS3.7AI score0.02921EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/22 8:38 p.m.140 views

Embedded malware in ua-parser-js

The npm package ua-parser-js had three versions published with malicious code. Users of affected versions 0.7.29, 0.8.0, 1.0.0 should upgrade as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold. Any computer that has this package installe...

8.8CVSS4.3AI score0.01314EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.140 views

md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

10CVSS7.6AI score0.02161EPSS
Exploits3References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/15 4:8 p.m.139 views

go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to and...

6.8CVSS6.5AI score0.00961EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/14 5:58 p.m.138 views

@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...

5.3CVSS7.1AI score0.0058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/16 4:2 p.m.138 views

Undici proxy-authorization header not cleared on cross-origin redirect in fetch

Impact Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches This is patched in v5.28.3 and v6.6.1 Workarounds There are no known workarounds. References - https://fetch.spec.whatwg.org/authentication-entries -...

4.5CVSS7.1AI score0.00765EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.138 views

Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation

When using the Vault and Vault Enterprise Vault approle auth method, any authenticated user with access to the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999, has...

8.1CVSS6.8AI score0.00597EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/03 4:57 p.m.138 views

Misinterpretation of malicious XML input

Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to one of the fixed versions of @xmldom/xmld...

6.5CVSS1.1AI score0.01347EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2021/06/18 6:33 p.m.138 views

Deserialization of Untrusted Data in Flask-Caching

Flask-Cache adds easy cache support to Flask. The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they...

9.8CVSS1.8AI score0.07288EPSS
Exploits3References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/21 7:16 p.m.138 views

.NET Core Information Disclosure

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

7.5CVSS3.5AI score0.14833EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/28 7:11 p.m.138 views

IPC messages delivered to the wrong frame in Electron

Impact IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app does ANY of the following, then it is impacted by this issue: - Uses...

6.5CVSS6.2AI score0.01725EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2020/04/10 6:42 p.m.138 views

Remote Code Execution (RCE) vulnerability in dropwizard-validation

Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you're using a self-validating bean via @SelfValidatin...

9CVSS1.1AI score0.05175EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 10:20 p.m.138 views

laravel framework SQL Injection via limit and offset functions

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

7.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/30 4:57 p.m.137 views

efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts

Impact A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below, and aws-efs-csi-driver versions v1.4.7 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior t...

4.2CVSS4.7AI score0.0059EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/25 12:0 a.m.137 views

hoek subject to prototype pollution via the clone function.

hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1...

8.1CVSS7.8AI score0.0095EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2022/04/27 9:9 p.m.137 views

Cross-site Scripting in org.owasp.esapi:esapi

Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...

6.1CVSS6.6AI score0.01632EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2020/06/10 8:2 p.m.136 views

Reflected Cross-Site Scripting in Apache CXF

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1CVSS1.9AI score0.07055EPSS
Exploits0References17Affected Software2
Github Security Blog
Github Security Blog
added 2020/01/30 9:22 p.m.136 views

Cross-site scripting vulnerability in TinyMCE

Impact A cross-site scripting XSS vulnerability was discovered in: the core parser, paste and visualchars plugins. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are...

6.1CVSS0.1AI score0.01248EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:34 p.m.136 views

DNN (aka DotNetNuke) has Remote Code Execution via a cookie

DNN aka DotNetNuke before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 Critical Possible remote code execution on DNN sites."...

8.8CVSS4.6AI score0.94789EPSS
Exploits6References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/06/05 4:53 p.m.135 views

Yii 2 Redis may expose AUTH parameters in logs in case of connection failure

Impact On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs...

6.5CVSS6.6AI score0.00283EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/14 10:13 p.m.135 views

Grafana Forward OAuth Identity Token can allow users to access some data sources

When a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have...

4.3CVSS6.6AI score0.02013EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/10 9:28 p.m.135 views

HTTP/2 Stream Cancellation Attack

HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RSTSTREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The clie...

7.5CVSS7.2AI score0.99999EPSS
Exploits19References190Affected Software12
Github Security Blog
Github Security Blog
added 2023/07/06 7:24 p.m.136 views

HashiCorp Vault's revocation list not respected

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...

5.3CVSS6.9AI score0.00396EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/12 3:30 p.m.135 views

Protobuf Java vulnerable to Uncontrolled Resource Consumption

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

7.5CVSS7.4AI score0.00483EPSS
Exploits0References3Affected Software2
Total number of security vulnerabilities5000