7044 matches found
Fides Information Disclosure Vulnerability in Config API Endpoint
ImpactThe Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the...
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop.This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.That is, for example, the case when the pypdf-user manipulates an incoming...
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
ImpactThe Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
ImpactThe Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases.To pass extra control data between...
Fides JavaScript Injection Vulnerability in Privacy Center URL
ImpactThe Fides web application allows users to edit consent and privacy notices such as cookie banners. These privacy notices can then be served by other integrated websites, for example in cookie consent banners. One of the editable fields is a privacy policy URL and this input was found to not...
Ansible galaxy-importer Path Traversal vulnerability
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
Langchain Server-Side Request Forgery vulnerability
In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks...
dtale vulnerable to Remote Code Execution through the Custom Filter Input
ImpactUsers hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. PatchesUsers should upgrade to version 3.7.0 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back on...
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backendNote: thevulnerability is about the information exposed in the logs not abo...
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
ImpactThe Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems...
PDM Trojan Lockfile
SummaryIt's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. DetailsProject foo can be targeted by creating the project foo-2 and uploading the file...
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impactyt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined...
NI MeasurementLink Python Services Improper Access Restriction vulnerability
ImpactAn improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using...
Defining resource name as integer may give unintended access in vantage6
ImpactMalicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names.One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link
SummaryThe torbot.modules.validators.validatelink function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument...
Microsoft Common Data Model SDK Denial of Service Vulnerability
Microsoft Common Data Model SDK Denial of Service Vulnerability...
pretix allows Pillow to parse EPS files
pretix before 2023.7.2 allows Pillow to parse EPS files...
Ansible may expose private key
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...
OpenStack Barbican credential leak flaw
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
SummaryAutoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. DetailsHTTP method for requests can be easily set by an attacker to be random and long. PoCSend many reques...
Apache HDFS Provider error message suggested
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentationinfo pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The...
OpenStack Barbican information disclosure vulnerability
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms ex. Linux allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Jav...
OpenStack Heat information leak vulnerability
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...
Gradio arbitrary file upload vulnerability
Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface...
libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page...
pgAdmin failed to properly control the server code
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...
Zope vulnerable to Stored Cross Site Scripting with SVG images
ImpactThere is a stored cross site scripting vulnerability for SVG images.Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
ImpactThe proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to th...
Apache Superset Server Side Request Forgery vulnerability
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF...
Apache Superset has improper default REST API permission for Gamma users
An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections...
Apache Superset users may incorrectly create resources using the import charts feature
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0...
Pyramid static view path traversal up one directory
ImpactThis impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...
Information disclosure in AccessControl
ImpactPython's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy...
Apache Superset has incorrect authorization check
An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...
Apache Superset vulnerable to improper data authorization
Improper data authorization check on Jinja templated queries in Apache Supersetup to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Summaryhyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is no...
Apache Superset may expose internal traces on REST API endpoints
By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users.This vulnerability exists in Apache Superset versions up to and including 2.1.0...
Airflow Sqoop Provider RCE Vulnerability
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...
Apache Superset Deserialization of Untrusted Data vulnerability
If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by t...
Apache Superset Improper Input Validation vulnerability
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names likesqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using...
Remote Code Execution in Custom Integration Upload
ImpactThe Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox c...
Excessive Iteration in gRPC
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/Three vectors were found that allow the following DOS attacks:- Unbounded memory buffering in the HPACK parser- Unbounded CPU consumption in...
Sentry vulnerable to incorrect credential validation on OAuth token requests
ImpactAn attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account...
Apache Airflow missing Certificate Validation
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, andApache Airflow before 2.7.0 are affected by theValidation of OpenSSL Certificate vulnerability.The default SSL context with SSL library did not check a server's X.509certificate. Instead, the code accepted an...
pandasai vulnerable to prompt injection
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function...
Apache Airflow Spark Provider Improper Input Validation vulnerability
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.It is recommended to upgrade to a version that is not affected...
FaucetSDN Ryu Denial of Service Vulnerability
An issue was discovered in OFPBundleCtrlMsg in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service DoS infinite loop...
Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
SummaryIn the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license view that does not exist. DetailsIn the /license/ endpoint, the licensedetailsview...
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read file...