Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the addWebhookAuthorization function. An attacker can cause excessive memory allocation by sending a large request body to the publicly accessible /api/v1/events/ endpoint,...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the rbacAuthorization process in gatekeeper.go when SSO RBAC delegation is enabled and a user's claims match a namespace-level RBAC rule but not an SSO-namespace rule. An attacker can cause the server to pani...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the configMapSyncProvider process. An attacker can create, read, update, or delete Kubernetes ConfigMaps containing synchronization limits by sending crafted requests with any Bearer token, including fake tokens...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/system endpoint. An attacker can obtain sensitive internal system information, such as installed version and license data, by sending authenticated requests to this endpoint without the required...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the process for managing user avatars due to insufficient authorization checks. An attacker can gain unauthorized access to create, replace, or delete user avatars by leveraging file permissions without the...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the authorization process. An attacker can gain unauthorized access to sensitive site, user, and role information by sending authenticated requests as a Panel user. This is only exploitable if the site is...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the UploadAllFiles process. An attacker can cause the daemon to crash by importing a truncated or malformed backup archive that triggers a nil-pointer dereference during tar file iteration. Remediation...

Missing Authentication for Critical Function

Overview arelle-release is an An open source XBRL platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the plugins parameter in the /rest/configure endpoint, which is processed without authentication or authorization. An attacker can execu...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the loadpnm process. An attacker can cause a heap buffer overflow by supplying a crafted PNM/PGM/PPM file with large dimension values that trigger an integer overflow during size computation, leading to...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the nbcolors field of the BMP file header during the loadbmp process. An attacker can cause an out-of-memory condition and crash the application by supplying a crafted BMP file with a large...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the...

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...