Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[org.verapdf:verapdf-library-jakarta] veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Description: Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. References Original issue: #1488 References https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-4cx5-89vm-833x https://nvd.nist.gov/vuln/detail/CVE-2024-52800 https://github.com/veraPDF/veraPDF-library/issues/1488 https://github.com/advisories/GHSA-4cx5-89vm-833x
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.verapdf:verapdf-library-arlington] veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Description: Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. References Original issue: #1488 References https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-4cx5-89vm-833x https://nvd.nist.gov/vuln/detail/CVE-2024-52800 https://github.com/veraPDF/veraPDF-library/issues/1488 https://github.com/advisories/GHSA-4cx5-89vm-833x
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[io.lettuce:lettuce-core] Netty vulnerability included in redis lettuce
Description: Summary Note: i'm reporting this in this way purely because it's private and i don't want to broadcast vulnerabilities. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. Details https://github.com/redis/lettuce/blob/main/pom.xml#L67C9-L67C53 The netty version pinned here is currently 4.1.113.Final This version is vulnerable according to Snyk and is affecting one of our products: Here is a link to the CVE PoC Complete instructions, including specific configuration details, to reproduce the vulnerability. Not applicable Impact What kind of vulnerability is it? Who is impacted? Denial of Service, affecting Windows users. References https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv https://github.com/redis/lettuce/security/advisories/GHSA-q4h9-7rxj-7gx2 https://nvd.nist.gov/vuln/detail/CVE-2024-47535 https://github.com/advisories/GHSA-q4h9-7rxj-7gx2
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.springframework:spring-beans] Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Description: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. References https://nvd.nist.gov/vuln/detail/CVE-2024-38827 https://spring.io/security/cve-2024-38827 https://github.com/spring-projects/spring-framework/issues/33708 https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9 https://github.com/advisories/GHSA-q3v6-hm2v-pw99
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.springframework:spring-context] Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Description: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. References https://nvd.nist.gov/vuln/detail/CVE-2024-38827 https://spring.io/security/cve-2024-38827 https://github.com/spring-projects/spring-framework/issues/33708 https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9 https://github.com/advisories/GHSA-q3v6-hm2v-pw99
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.springframework:spring-core] Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Description: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. References https://nvd.nist.gov/vuln/detail/CVE-2024-38827 https://spring.io/security/cve-2024-38827 https://github.com/spring-projects/spring-framework/issues/33708 https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9 https://github.com/advisories/GHSA-q3v6-hm2v-pw99
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.springframework:spring-expression] Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Description: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. References https://nvd.nist.gov/vuln/detail/CVE-2024-38827 https://spring.io/security/cve-2024-38827 https://github.com/spring-projects/spring-framework/issues/33708 https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9 https://github.com/advisories/GHSA-q3v6-hm2v-pw99
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.springframework:spring-jdbc] Spring Framework has Authorization Bypass for Case Sensitive Comparisons
Description: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. References https://nvd.nist.gov/vuln/detail/CVE-2024-38827 https://spring.io/security/cve-2024-38827 https://github.com/spring-projects/spring-framework/issues/33708 https://github.com/spring-projects/spring-framework/commit/11d4272ff48b4a4dabc4b28dfbff0364a4204bc9 https://github.com/advisories/GHSA-q3v6-hm2v-pw99
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[org.asynchttpclient:async-http-client] AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Description: Summary When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests. Details This issue is described without security warnings here: https://github.com/AsyncHttpClient/async-http-client/issues/1964 I already have a PR to fix this issue: https://github.com/AsyncHttpClient/async-http-client/pull/2033 PoC Add an auth Cookie to the CookieStore This is identical to receiving an HTTP response that uses Set-Cookie, as shown in issue #1964 above. Handle a different user's request where the same Cookie is provided as a passthrough, like a JWT, and attempt to use it by explicitly providing it. Observe that the user's cookie in step 2 is passed as the Cookie in step 1. Impact This is generally going to be a problem for developers of backend services that implement third party auth features and use other features like token refresh. The moment a third party service responds by setting a cookie in the response, the CookieStore will effectively break almost every follow-up request (hopefully by being rejected, but possibly by revealing a different user's information). If your service sets cookies based on the response that happens here, it's possible to lead to even greater levels of exposure. References https://github...
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)
[io.antmedia:ant-media-server] Ant-Media-Server vulnerable to Improper Output Neutralization for Logs
Description: Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions. References https://nvd.nist.gov/vuln/detail/CVE-2024-35371 https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45 https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384 https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356 https://github.com/advisories/GHSA-2gx6-qrpp-c4p3
Source: Github Advisory Database (Maven)
December 3rd, 2024 (5 months ago)