Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29498
https://github.com/ankane/blazer/issues/392
ht…
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can …
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.
References
https://nvd.nist.gov/vuln/detail/CVE-2009-3724
https://www.openwall.com/lists/oss-security/2009/10/29/5
https://github.com/advisories/GHSA-72cx-5ff9-4hhc
Impact
Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun.
Patches
0.3.2 (as of https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c…
Impact
An attacker can inject attributes that are used in other components
An attacker can override existing attributes with ones that have incompatible type, which may lead to a crash.
The main use case of Convict is for handling server-side configu…
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = ‘origin’, opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can b…
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed …
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and cha…
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace whic…
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-3503
https://bugzilla.redhat.com/show_bug.cgi?id=1942693
https://issues.redhat.com/browse/WFLY-11933…
