Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions are vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script …
[org.springframework:spring-core] Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
…
[Microsoft.AspNetCore.DataProtection.AzureStorage] Denial of service in ASP.NET Core
A denial of service vulnerability exists when OData Library improperly handles web requests, aka “OData Denial of Service Vulnerability.” This affects Microsoft.Data.OData.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-8269
https://github.com/a…
[rest-client] rest-client vulnerable to Session Fixation
REST client for Ruby (aka rest-client) versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
References
https://…
[defaults-deep] Prototype Pollution in defaults-deep
Versions of defaults-deep before 0.2.4 are vulnerable to prototype pollution.
Recommendation
Update to version 0.2.4 or later.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-3723
https://hackerone.com/reports/310514
https://github.com/advisories/G…
[slug] Regular Expression Denial of Service in slug
Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input.
The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds.
About 50k characters can bloc…
[eslint-config-eslint] Malicious Package in eslint-scope
Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to 2 remote servers.
Recommendation
The best course of action…
[sanitize] Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements.
This can allow…
[jQuery] Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a den…