
38196 matches found

Veracode • added 3 days ago • 5 views

Information Disclosure

H2O-3 is vulnerable to Information Disclosure. The vulnerability is due to improper access control in the ImportFile API PersistNFS.importFiles, allowing remote attackers to access or enumerate file system information that should not be exposed, resulting in unauthorized disclosure of sensitive...

CVSS 7.5 • AI score 6.1 • EPSS 0.00497
Exploits 0 • References 1 • Affected software 1

Veracode • added 3 days ago • 6 views

Information Disclosure

Keycloak is vulnerable to Information Disclosure. The vulnerability is due to insufficient enforcement of user profile permissions in the group members endpoint, allowing an administrator with delegated access to read group memberships and users to view user attributes that are explicitly...

CVSS 2.7 • AI score 5.8 • EPSS 0.00318
Exploits 0 • References 2 • Affected software 2

Veracode • added 4 days ago • 8 views

NoSQL Injection

Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting (e.g., ^\Q?0\E$) and manipulate...

CVSS 5.9 • AI score 5.3 • EPSS 0.00257
Exploits 0 • References 2 • Affected software 1

Veracode • added 4 days ago • 8 views

Authorization Bypass

Apache ActiveMQ is vulnerable to Authorization Bypass. The vulnerability is due to incomplete authorization checks when handling destination removal operations, allowing authenticated users with otherwise valid permissions to delete existing destinations without proper authorization validation...

CVSS 4.3 • AI score 5.3 • EPSS 0.00335
Exploits 0 • References 2 • Affected software 2

Veracode • added 5 days ago • 10 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

hono is vulnerable to Cross-Origin Resource Sharing (CORS) Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...

AI score 5.4 • EPSS 0.0003
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 9 views

Improper Handling Of HTTP Headers

hono is vulnerable to Improper Handling of HTTP Headers. The vulnerability is due to using Headers.set instead of Headers.append when processing repeated request headers, which allows multiple header values to be overwritten and truncated, potentially enabling attackers to bypass security control...

AI score 5.3 • EPSS 0.00014
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 8 views

Improper Input Validation

hono is vulnerable to Improper Input Validation. The vulnerability is due to trusting the client-supplied Content-Length header instead of validating the actual request body size, which allows an attacker to bypass configured body size limits by declaring a smaller content length while sending a...

AI score 5.3 • EPSS 0.00014
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 8 views

Improper Access Control

@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...

AI score 5.4 • EPSS 0.00028
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 6 views

Server-Side Request Forgery (SSRF)

Astro is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to deriving the error-page fetch URL from the unvalidated Host header during runtime error handling, which allows an attacker to redirect server-side requests to arbitrary hosts and read the resulting responses...

AI score 6 • EPSS 0.00044
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 8 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of user-controlled attribute names in the spreadAttributes function during server-side rendering, which allows an attacker to inject arbitrary HTML attributes, event handlers, or malicious HTML content...

AI score 5.3 • EPSS 0.00036
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 8 views

Information Exposure

Gitea is vulnerable to Information Exposure. The vulnerability is due to missing reqRepoReader(unit.TypeCode) authorization checks on the issue_templates, issue_config, and issue_config/validate API endpoints, which allows an attacker to access and retrieve repository issue template and configuration...

AI score 5.2 • EPSS 0.00023
Exploits 0 • References 1 • Affected software 1

Veracode • added 5 days ago • 7 views

Improper Authorization

code.gitea.io/gitea is vulnerable to improper authorization. The vulnerability is due to the /archive/ endpoint not enforcing OAuth2 download token scope validation (checkDownloadTokenScope or CheckRepoScopedToken), which allows an attacker with an OAuth2 token to download repository archives witho...

AI score 5.2 • EPSS 0.00024
Exploits 0 • References 1 • Affected software 1

Veracode • added 5 days ago • 6 views

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

CVSS 5.4 • AI score 5.3 • EPSS 0.00181
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 7 views

Cross-Site Scripting (XSS)

Vitest is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the otelCarrier query parameter being inserted directly into an inline module script and treated as JavaScript source rather than data, which allows an attacker to craft a malicious browser-runner URL and execute...

AI score 5.6 • EPSS 0.0005
Exploits 0 • References 4 • Affected software 2

Veracode • added 5 days ago • 6 views

Path Traversal

DbGate is vulnerable to Path Traversal. The vulnerability is due to the unzipDirectory function failing to validate that extracted file paths remain within the intended output directory, which allows an attacker to upload a malicious ZIP archive containing ../ path entries and write files to...

AI score 5.4 • EPSS 0.00058
Exploits 0 • References 3 • Affected software 1

Veracode • added 5 days ago • 6 views

IP Address Spoofing

Spring Cloud Gateway is vulnerable to IP Address Spoofing. The vulnerability is due to improper trust of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to supply forged client IP information that may be used by downstream applications for security decisions,...

CVSS 8.6 • AI score 5.2 • EPSS 0.00186
Exploits 0 • References 2 • Affected software 2

Veracode • added 5 days ago • 6 views

Server-Side Request Forgery (SSRF)

Spring Web Services is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of WS-Addressing ReplyTo and FaultTo headers, where destinations supplied in incoming requests are used directly by configured WebServiceMessageSender instances to initiate...

CVSS 8.6 • AI score 5.5 • EPSS 0.00428
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 5 views

Open Redirect

Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the request_uri parameter at the authorization endpoint, where a malicious authorization request can include an invalid request_uri and an attacker-controlled redirect_uri, resulting in...

CVSS 6.1 • AI score 5.4 • EPSS 0.00172
Exploits 0 • References 2 • Affected software 1

Veracode • added 5 days ago • 6 views

Authenticated Remote Code Execution (RCE)

DbGate is vulnerable to authenticated Remote Code Execution (RCE). The vulnerability is due to improper sanitization of the functionName parameter in the /runners/load-reader endpoint, which allows an authenticated attacker to bypass the require = null mitigation using dynamic import and execute...

AI score 5.9 • EPSS 0.00289
Exploits 1 • References 2 • Affected software 1

Veracode • added 6 days ago • 8 views

Denial Of Service (DoS)

markdown-it is vulnerable to Denial of Service (DoS). The vulnerability is due to quadratic-time processing in the smartquotes rule when typographer: true is enabled, which allows an attacker to supply specially crafted markdown containing consecutive quotation marks and consume excessive CPU...

CVSS 5.3 • AI score 5.2 • EPSS 0.00418
Exploits 0

Veracode • added 6 days ago • 6 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

CVSS 7.5 • AI score 5.2 • EPSS 0.00488
Exploits 0 • References 3 • Affected software 1

Veracode • added 6 days ago • 7 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to exposure of QUIC stateless reset tokens through connection ID generation, which allows an on-path attacker to derive the token and send spoofed Stateless Reset packets to terminate active connections...

CVSS 4.8 • AI score 5.2 • EPSS 0.00204
Exploits 0 • References 3 • Affected software 1

Veracode • added 6 days ago • 5 views

Improper Certificate Validation

Netty is vulnerable to Improper Certificate Validation. The vulnerability is due to improper wrapping of user-supplied X509TrustManager instances that bypasses hostname verification during TLS certificate validation, which allows an attacker to perform man-in-the-middle attacks using certificates...

CVSS 7.5 • AI score 5.2 • EPSS 0.00196
Exploits 0 • References 4 • Affected software 1

Veracode • added 6 days ago • 6 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to RedisArrayAggregator pre-allocating an ArrayList based on an untrusted RESP array element count from the network, which allows an attacker to trigger excessive memory allocation and exhaust system resources by sending a...

CVSS 7.5 • AI score 5.2 • EPSS 0.00335
Exploits 0 • References 4 • Affected software 1

Veracode • added 6 days ago • 5 views

HTTP Request Smuggling

Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...

CVSS 5.3 • AI score 5.2 • EPSS 0.00232
Exploits 0 • References 4 • Affected software 1

Veracode • added 6 days ago • 7 views

Cross-site Scripting (XSS)

Astro is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping of named slot content inserted into the data-astro-template attribute when using client: directives, which allows an attacker to break out of the attribute context and inject arbitrary HTML or...

AI score 5.4 • EPSS 0.00029
Exploits 0 • References 1 • Affected software 1

Veracode • added 6 days ago • 7 views

Information Disclosure

Vaadin Maven Plugin and Vaadin Gradle Plugin are vulnerable to information disclosure. The vulnerability is due to the plugins logging the complete set of environment variables when the frontend build process fails with a non-zero exit status, which allows an attacker to obtain sensitive...

CVSS 5.8 • AI score 5.2 • EPSS 0.00117
Exploits 0 • References 1 • Affected software 3

Veracode • added 6 days ago • 6 views

SQL Injection

org.linlinjava, litemall-wx-api is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the list function of WxGoodsController within the Front-end WeChat API, which allows a remote attacker to perform SQL injection attacks by manipulating craft...

CVSS 7.5 • AI score 7.6 • EPSS 0.00259
Exploits 0 • References 1 • Affected software 1

Veracode • added 6 days ago • 6 views

Arbitrary Code Execution

org.mapfish.print, print-lib is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper handling of the Dynamic Table feature, which allows an unauthenticated attacker to execute arbitrary code by exploiting the affected functionality...

CVSS 9.3 • AI score 5.9 • EPSS 0.00325
Exploits 0 • References 5 • Affected software 2

Veracode • added 6 days ago • 6 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE values, which allows an attacker to trigger repeated request processing and response-header generation failures, leading to resource exhaustion similar to an HTTP/2 Rapi...

CVSS 6.9 • AI score 5.2 • EPSS 0.00302
Exploits 0 • References 5 • Affected software 1

Veracode • added 6 days ago • 6 views

XML External Entity (XXE) Injection

Spring Web Services is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to Jaxp13XPathTemplate using a code path for StreamSource and SAXSource inputs that parses attacker-controlled XML with the default DocumentBuilderFactory configuration instead of Spring's hardened XM...

CVSS 8.2 • AI score 5.4 • EPSS 0.00386
Exploits 0 • References 2 • Affected software 1

Veracode • added 6 days ago • 7 views

Information Disclosure

Spring Web Services is vulnerable to Information Disclosure. The vulnerability is due to overly detailed authentication error handling in Spring Security integration paths, where account state information such as whether a user account is locked or disabled can be exposed through SOAP fault...

CVSS 5.3 • AI score 5.3 • EPSS 0.00464
Exploits 0 • References 2 • Affected software 1

Veracode • added 6 days ago • 5 views

Weak Cryptography

Spring Web Services is vulnerable to Weak Cryptography. The vulnerability is due to Wss4jSecurityInterceptor defaulting allowRSA15KeyTransportAlgorithm to true, causing inbound WS-Security decryption to accept the weaker RSA PKCS#1 v1.5 (rsa-15) key transport algorithm instead of Apache WSS4J's safe...

CVSS 4.8 • AI score 5.2 • EPSS 0.00146
Exploits 0 • References 2 • Affected software 1

Veracode • added 6 days ago • 6 views

Command Injection

aws-cdk-lib is vulnerable to Command Injection. The vulnerability is due to improper sanitization of user-controlled bundling properties in the NodejsFunction local bundling pipeline, which allows an attacker to inject shell metacharacters and execute arbitrary commands on the host running the CD...

CVSS 7.3 • AI score 5.7 • EPSS 0.00657
Exploits 1 • References 7 • Affected software 1

Veracode • added last week • 8 views

Brute Force Attack

Yamcs Core is vulnerable to Brute Force Attack. The vulnerability is due to the absence of rate limiting, account lockout, and failed login throttling on the /auth/token endpoint, which allows an attacker to perform unlimited password-guessing attempts and conduct brute-force attacks against user...

AI score 5.2 • EPSS 0.00052
Exploits 2 • References 3 • Affected software 1

Veracode • added last week • 7 views

Path Traversal

tmp is vulnerable to Path Traversal. The vulnerability is due to insufficient validation in assertPath, which only checks string inputs for .. and can be bypassed using non-string values such as Arrays, Buffers, or objects. Attacker-controlled values supplied to prefix, postfix, or template can...

CVSS 8.2 • AI score 5.3 • EPSS 0.00433
Exploits 1 • References 2 • Affected software 1

Veracode • added last week • 6 views

Improper Access Control

Keycloak is vulnerable to Improper Access Control. The vulnerability is due to insufficient audience restriction enforcement in the OpenID Connect token introspection endpoint, which allows an authenticated confidential client to access sensitive token claims intended for other resource servers...

CVSS 6.5 • AI score 5.2 • EPSS 0.00366
Exploits 0 • References 9 • Affected software 1

Veracode • added last week • 6 views

Code Injection

Apache Flink is vulnerable to Code Injection. The vulnerability is due to improper escaping of user-controlled strings during SQL code generation, which allows an authenticated attacker to inject arbitrary Java code and execute it on TaskManagers through specially crafted SQL queries...

CVSS 8.1 • AI score 6 • EPSS 0.00381
Exploits 0 • References 5 • Affected software 3

Veracode • added last week • 8 views

Cross-site Scripting

Nuxt is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of URL schemes in the component, where attacker-controlled values supplied to the to or href props can contain javascript: or vbscript: URLs that are rendered directly into the underlying element,...

CVSS 5.4 • AI score 5.6 • EPSS 0.00198
Exploits 0 • References 3 • Affected software 1

Veracode • added 2026/06/15 8:08 a.m. • 7 views

Information Exposure

Axios is vulnerable to Information Exposure. The vulnerability is due to improper handling of the Proxy-Authorization header in the Node.js HTTP adapter, where proxy credentials can be forwarded to a redirected destination during certain proxy-to-direct redirect flows, allowing an...

CVSS 8.2 • AI score 5.3 • EPSS 0.00429
Exploits 1 • References 4 • Affected software 1

Veracode • added 2026/06/15 7:20 a.m. • 7 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

CVSS 5.9 • AI score 5.3 • EPSS 0.00223
Exploits 0 • References 2 • Affected software 1

Veracode • added 2026/06/12 2:58 p.m. • 8 views

Direct-Memory Resource Leak

RedisArrayAggregator is vulnerable to a direct-memory resource leak. The vulnerability is due to unreleased pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregation completes, which allows an attacker to repeatedly trigger connection churn and exhaust t...

CVSS 8.7 • AI score 5.2 • EPSS 0.00609
Exploits 0 • References 5 • Affected software 1

Veracode • added 2026/06/12 2:09 p.m. • 9 views

Information Disclosure

netty incubator codec.bhttp is vulnerable to information disclosure. The vulnerability is due to an improper fallback mechanism used to derive native memory addresses for cryptographic operations when sun.misc.Unsafe is unavailable, which allows an unauthenticated attacker to send crafted OHTTP...

CVSS 9.1 • AI score 5.1 • EPSS 0.00174
Exploits 0 • References 2 • Affected software 1

Veracode • added 2026/06/12 1:57 p.m. • 7 views

Memory Leak

io.netty, netty-codec-haproxy is vulnerable to a memory leak. The vulnerability is due to improper handling of nested PP2_TYPE_SSL TLVs during successful parsing, which leaves the underlying pooled ByteBuf permanently pinned in memory, allowing an attacker to repeatedly send crafted valid headers an...

CVSS 8.7 • AI score 5.2 • EPSS 0.00609
Exploits 0 • References 5 • Affected software 1

Veracode • added 2026/06/12 1:25 p.m. • 7 views

Denial Of Service

golang.org/x/net/http2 is vulnerable to Denial of Service (DoS). The vulnerability is due to a missing nil check when processing HTTP/2 frames, where receiving frame types 0x0a through 0x0f can trigger a server panic, causing the application to crash and resulting in a denial of service condition...

CVSS 7.5 • AI score 7.7 • EPSS 0.00501
Exploits 0 • References 3 • Affected software 1

Veracode • added 2026/06/12 12:11 p.m. • 8 views

Security Misconfiguration

@hulumi/baseline is vulnerable to Security Misconfiguration. The vulnerability is due to AccountFoundation reuse paths silently downgrading GuardDuty and Security Hub security settings, which allows an attacker to operate with reduced detection and monitoring capabilities in the affected...

AI score 5.2 • EPSS 0.00052
Exploits 0 • References 2 • Affected software 1

Veracode • added 2026/06/12 11:29 a.m. • 8 views

Improper Error Handling

@hulumi/drift is vulnerable to Improper Error Handling. The vulnerability is due to the classifier failing open on adapter errors and incorrectly promoting mixed verdicts, which allows incorrect classification results and may enable unauthorized or unintended actions based on inaccurate trust...

AI score 5.2 • EPSS 0.0004
Exploits 0 • References 2 • Affected software 1

Veracode • added 2026/06/12 3:22 a.m. • 8 views

Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

AI score 5.2 • EPSS 0.00023
Exploits 0 • References 2 • Affected software 1

Veracode • added 2026/06/11 6:19 p.m. • 8 views

Server-Side Request Forgery (SSRF)

Papra is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of redirect destinations in the webhook delivery system, which allows an attacker to bypass SSRF protections and force the server to make requests to internal network addresses through...

AI score 5.5 • EPSS 0.00025
Exploits 0 • References 2 • Affected software 1

Veracode • added 2026/06/11 6:07 p.m. • 8 views

Improper Authorization

Twig is vulnerable to Improper Authorization. The vulnerability is due to incomplete enforcement of sandbox security checks for implicit toString calls, which allows an attacker to invoke non-allowlisted toString methods on accessible objects and bypass configured security policies...

AI score 5.5 • EPSS 0.00044
Exploits 0 • References 4 • Affected software 1

Total number of security vulnerabilities: 38196