In Apache Airflow versions prior to 2.4.2, the “Trigger DAG with config” screen was susceptible to XSS attacks via the origin query argument.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43982
https://github.com/apache/airflow/pull/27143
https…
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver’s /confirm endpoint.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43985
https://github.com/apache/airflow/pull/27143
https://lists.apache.org/thread/m13y9s5…
A SQL injection vulnerability in Centreon affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. Version 22.10.0-b…
A Cross-site Scripting vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature.
References
https://nvd.nist.gov/vuln/…
Impact
In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappro…
Impact
A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
Fluentd setups are only affected if the environment variable FL…
Impact
https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rs#L871-L879
TypeIdSystemScript resume handle is not correct when max_cycles is not enough, ScriptError::ExceededMaximumCycles will be raised directly ranther than suspend as e…
Impact
fn HeaderChecker#check_valid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/files#diff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176
It will cause network forking if one tran…
Impact
When a transaction contains a dep group with many cells, the resources required to process it are not linear to the transaction size nor spent script cycles.
Patches
In 0.43.3, nodes drop the transactions relayed to them when they contain a dep…
pyca/cryptography’s wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in http…
