JetBrains Hub before 206 was vulnerable to reflected XSS.

In JetBrains Hub before 206, an unprivileged user could perform DoS.

In JetBrains Hub before 200, integration with JetBrains Account exposed an API key with excessive permissions.

HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.

Apache JSPWiki users should upgrade to 2.11.2 or later.

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

Apache JSPWiki users should upgrade to 2.11.2 or later.

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim.

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.

This issue affects Apache Airflow versions 2.2.3 and below.

It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument.