
TechMedia

Category: LOW (79 posts)


[safeurl-python] Withdrawn: safeurl-python contains Server-Side Request Forgery

  • Posted in LOW
  • Posted by Wpmaster
  • 01/30/2023 / 02/02/2023

Withdrawn
This advisory has been withdrawn as a duplicate of GHSA-jgh8-vchw-q3g7.
Original Description
isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SS…

[org.jenkins-ci.plugins:github-pr-coverage-status] Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

  • Posted in LOW
  • Posted by Wpmaster
  • 01/27/2023 / 01/27/2023

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users…

[shopware/platform] Shopware’s log module vulnerable to Improper Output Neutralization

  • Posted in LOW
  • Posted by Wpmaster
  • 01/21/2023 / 01/21/2023

Impact
The log module contains all kinds of sent mails. It is possible to see the password reset emails of customers and admin users and thereby potentially gain further access.
Patches
Update to the latest 6.4.18.1 version.
Workarounds

For older versions of 6.1, 6.2,…

[rack] Denial of Service Vulnerability in Rack Content-Disposition parsing

  • Posted in LOW
  • Posted by Wpmaster
  • 01/19/2023 / 01/21/2023

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571.
Versions Affected: >= 2.0.0
Not affected: None.
Fixed Versions: 2.0.9.2, 2.1.4.2…

[actionpack] ReDoS based DoS vulnerability in Action Dispatch

  • Posted in LOW
  • Posted by Wpmaster
  • 01/19/2023 / 01/31/2023

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792.
Versions Affected: >= 3.0.0
Not affected: < 3.0.0
Fixed Versions: 5.2.8.15 (Rails LTS), 6.0…

[activesupport] ReDoS based DoS vulnerability in Active Support’s underscore

  • Posted in LOW
  • Posted by Wpmaster
  • 01/19/2023 / 01/31/2023

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796.
Versions Affected: All
Not affected: None
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
I…

[activerecord] Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

  • Posted in LOW
  • Posted by Wpmaster
  • 01/19/2023 / 01/31/2023

There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter.
This has been assigned the CVE identifier CVE-2022-44566.
Versions Affected: All.
Not affected: None.
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0….

[actionpack] ReDoS based DoS vulnerability in Action Dispatch

  • Posted in LOW
  • Posted by Wpmaster
  • 01/19/2023 / 01/31/2023

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795.
Versions Affected: All
Not affected: None
Fixed Versions: 5.2…

[rack] Denial of service via header parsing in Rack

  • Posted in LOW
  • Posted by Wpmaster
  • 01/19/2023 / 01/21/2023

There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570.
Versions Affected: >= 1.5.0
Not affected: None.
Fixed Versions: 2.0.9.2, 2.1.4…

[org.keycloak:keycloak-core] Keycloak has lack of validation of access token on client registrations endpoint

  • Posted in LOW
  • Posted by Wpmaster
  • 01/13/2023 / 01/14/2023

A service account with the create-client or manage-clients role can use the client-registration endpoints to create or manage clients with an access token.
If the access token is leaked, there is an option to revoke the specific token. However, the c…
