The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the use…
[org.apache.camel:camel-xmljson] XML External Entity injection in Apache Camel
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
References
https://nvd.nist.go…
【画像】iPhone XR2、ラベンダーとグリーン色を追加か
最近の報告によると、Appleは今年後半にiPhone XR 2に新しいカラーオプションを導入すると…