An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. ...
Continue Reading
May 22, 2022
CVE-2022-28924
GitHub Security Lab: [Java]: CWE-321 – Query to detect hardcoded JWT secret keys
This bug was reported directly to GitHub Security Lab. ...
Continue Reading
May 22, 2022
curl: Memory leak in CURLOPT_XOAUTH2_BEARER
## Summary: Once a bearer token is set with `CURLOPT_XOAUTH2_BEARER`, each HTTP request done with the same handler leaks the token itself. ## Steps To Reproduce: Given the following code: ```c #includ ...
Continue Reading
May 22, 2022
Leakage of third-party OAuth token via redirect
# Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the `redirect` parameter and re ...
Continue Reading
May 22, 2022
SSRF in editor’s proxy via IPv6 link-local address
# Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.java#L255L257, it checks for loca ...
Continue Reading
May 22, 2022
Path Traversal in WellKnownServlet
# Description The `WellKnownServlet` is vulnerable to path traversal. This allows reading local files. For example the files in `WEB-INF` that contain secrets and API keys can be read. https://github. ...
Continue Reading
May 22, 2022
SSRF via IPv6 address 2
# Description While searching online, I found that https://stackoverflow.com/questions/53764109/is-there-a-java-api-that-will-identify-the-ipv6-address-fd00-as-local-private also states fc00 / fd00 ar ...
Continue Reading
May 22, 2022
CVE-2022-29214
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...
Continue Reading
May 21, 2022