35669 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the CreateTarFromZip process. An attacker can exhaust system memory and cause a service outage by uploading a zip file containing many highly compressible entries, resulting in...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the CreateTarFromZip process. An attacker can exhaust system memory and cause a service outage by uploading a zip file containing many highly compressible entries, resulting in...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the httpapi.RequestHost process. An attacker can gain unauthorized access to sensitive data by sending requests with a crafted X-Forwarded-Host header, which is trusted over the real...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the AllowedIPs process. An attacker can intercept network traffic and serve spoofed content by supplying arbitrary AllowedIPs prefixes, allowing them to claim another agent's tailnet address. This is only...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the AllowedIPs process. An attacker can intercept network traffic and serve spoofed content by supplying arbitrary AllowedIPs prefixes, allowing them to claim another agent's tailnet address. This is only...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UpsertWorkspaceApp process. An attacker can gain unauthorized access to another user's workspace app by submitting a crafted payload with a known victim app UUID and an...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UpsertWorkspaceApp process. An attacker can gain unauthorized access to another user's workspace app by submitting a crafted payload with a known victim app UUID and an...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UpsertWorkspaceApp process. An attacker can gain unauthorized access to another user's workspace app by submitting a crafted payload with a known victim app UUID and an...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UpsertWorkspaceApp process. An attacker can gain unauthorized access to another user's workspace app by submitting a crafted payload with a known victim app UUID and an...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UpsertWorkspaceApp process. An attacker can gain unauthorized access to another user's workspace app by submitting a crafted payload with a known victim app UUID and an...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UpsertWorkspaceApp process. An attacker can gain unauthorized access to another user's workspace app by submitting a crafted payload with a known victim app UUID and an...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the NewDataBuilder process in provisionersdk/proto/dataupload.go when allocating memory based on a client-supplied FileSize value without an upper-bound check. An attacker can cause the...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the NewDataBuilder process in provisionersdk/proto/dataupload.go when allocating memory based on a client-supplied FileSize value without an upper-bound check. An attacker can cause the...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the NewDataBuilder process in provisionersdk/proto/dataupload.go when allocating memory based on a client-supplied FileSize value without an upper-bound check. An attacker can cause the...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the coder config-ssh process. An attacker can execute arbitrary commands on the local system by injecting malicious SSH configuration directives through unsanitized server-supplied values. This is only exploitable ...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the coder config-ssh process. An attacker can execute arbitrary commands on the local system by injecting malicious SSH configuration directives through unsanitized server-supplied values. This is only exploitable ...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the coder config-ssh process. An attacker can execute arbitrary commands on the local system by injecting malicious SSH configuration directives through unsanitized server-supplied values. This is only exploitable ...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the coder config-ssh process. An attacker can execute arbitrary commands on the local system by injecting malicious SSH configuration directives through unsanitized server-supplied values. This is only exploitable ...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the PUT /api/v2/users/user/password endpoint. An attacker can gain unauthorized access to owner-level accounts by resetting their passwords without knowing the current password, allowing privilege escalation a...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the PUT /api/v2/users/user/password endpoint. An attacker can gain unauthorized access to owner-level accounts by resetting their passwords without knowing the current password, allowing privilege escalation a...
Authentication Bypass by Alternate Name
Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via improper handling of OIDC authentication and the emailverified claim. An attacker can gain unauthorized access to another user's account by authenticating with an email address matching the...
Authentication Bypass by Alternate Name
Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via improper handling of OIDC authentication and the emailverified claim. An attacker can gain unauthorized access to another user's account by authenticating with an email address matching the...
Authentication Bypass by Alternate Name
Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via improper handling of OIDC authentication and the emailverified claim. An attacker can gain unauthorized access to another user's account by authenticating with an email address matching the...
Authentication Bypass by Alternate Name
Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via improper handling of OIDC authentication and the emailverified claim. An attacker can gain unauthorized access to another user's account by authenticating with an email address matching the...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the OIDC callback process. An attacker can gain unauthorized access to user accounts by exploiting improper type handling of the emailverified claim, allowing account takeover without prior...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the OIDC callback process. An attacker can gain unauthorized access to user accounts by exploiting improper type handling of the emailverified claim, allowing account takeover without prior...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the OIDC callback process. An attacker can gain unauthorized access to user accounts by exploiting improper type handling of the emailverified claim, allowing account takeover without prior...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the OIDC callback process. An attacker can gain unauthorized access to user accounts by exploiting improper type handling of the emailverified claim, allowing account takeover without prior...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the startAssetImport process. An attacker can access arbitrary files on the server filesystem and potentially interact with internal or cloud metadata endpoints by uploading a specially crafted ETS...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the UserResourceImpl process. An attacker can access sensitive user profile information, client roles, and realm roles across different realms by supplying a valid user UUID from anoth...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect protocol check in the helmet middleware, which fails to set the Strict-Transport-Security header even when configured. An attacker can intercept and manipulate network...
Incorrect Implementation of Authentication Algorithm
Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the ScramAuthenticator class, which fails open by confirming only that the server advertised a...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the PcfFontFile.loadbitmaps process. An attacker can cause excessive memory allocation by supplying crafted PCF font data that bypasses decompression bomb checks. Remediation Upgrade pillo...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the handlemessage process. An attacker can execute arbitrary tool handlers by...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the GdImageFile.open process. An attacker can cause excessive memory allocation by supplying a crafted .gd file that bypasses decompression bomb checks. Remediation Upgrade pillow to versio...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the FontFile.compile process. An attacker can cause excessive memory allocation by providing a specially crafted font file that triggers uncontrolled resource consumption during image...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the bdfchar process when attacker-controlled dimensions from a BDF font file are passed to Image.new without invoking the decompressionbombcheck function. An attacker can cause excessive...
Arbitrary Code Injection
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection in the eval process used by certain agent components when evaluating external input with fulleval=True. An attacker can execute arbitrary system commands b...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the getcommand function. An attacker can execute arbitrary commands by supplying a file path containing shell metacharacters. Remediation Upgrade pillow to version 12.3.0 or higher. References - GitHub Advisory -...
SQL Injection
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to SQL Injection through the SQLChatAgent process. An attacker can access arbitrary files on the server by crafting SQL queries that bypass the regex-based blocklist using quoted...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the DownloadTinyFile process when the scheduler's gRPC service accepts attacker-controlled values for PeerHost.Ip and PeerHost.DownPort without proper validation. An attacker can cause the scheduler t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the DownloadTinyFile process when the scheduler's gRPC service accepts attacker-controlled values for PeerHost.Ip and PeerHost.DownPort without proper validation. An attacker can cause the scheduler t...