interceptor vulnerabilities and exploits

(subscribe to this query)

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation le...

Veal98 小牛肉 Echo 开源社区系统

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to...

Wander-chu Springboot-blog

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2...

Datadog Import-in-the-middle Datadoghq Import-in-the-middle

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's ...

Open-telemetry Opentelemetry-go-contrib Opentelemetry Opentelemetry

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote ...

Red Hat Jboss Portal Redhat Jboss Portal 6.2.0

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret...

Go-jose Project Go-jose Go-jose Go-jose

1 Github repository

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Golang.org/x/net Golang.org/x/net/html Golang Networking

1 Github repository

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the malici...

Go Standard Library Net/http Golang.org/x/net Golang.org/x/net/http2 Golang Go Golang Http2 Fedoraproject Fedora 37 Fedoraproject Fedora 38 Fedoraproject Fedora 39 Netapp Astra Trident -Netapp Astra Trident Autosupport -

2 Github repositories

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Golang Go Google.golang.org/protobuf Google.golang.org/protobuf/encoding/protojson Google.golang.org/protobuf Google.golang.org/protobuf/internal/encoding/json

3 Github repositories

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious req...

Open-telemetry Opentelemetry-go-contrib Opentelemetry Opentelemetry

« PREV 1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook