Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2422
https://c…
Impact
This impacts users that use shescape to escape arguments:
for the Unix shell Bash, or any not-officially-supported Unix shell;
using the escape or escapeAll functions with the interpolation option set to true.
An attacker can cause polynomial …
Impact
A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context (via STATICCALL), and thus decide if stateful operations should be done. Previously, the passed is_static parameter was incorre…
Impact
Gin-vue-admin < 2.5.4 has File upload vulnerabilities。
File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing t…
Impact
Skipper prior to version v0.13.236 is vulnerable to server-side request forgery (SSRF). An attacker can exploit a vulnerable version of proxy to access the internal metadata server or other unauthenticated URLs by adding an specific header (X-Sk…
When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as tracing_subscribers default text output from the fmt module), these…
Description
Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before…
Overview
During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions.
Am I affected?
You are affected by this vulnerability if you are using openfga/o…
Overview
During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions.
Am I Affected?
You are affected by this vulnerability if you are using openfga/o…
Overview
During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store.
Am I Affected?
You are affected by this vulnerabili…
