API - API Security Blog

Security update for trivy (moderate)

An update that fixes three vulnerabilities is now available. Description: This update for trivy fixes the following issues: Update to version 0.30.4: * fix: remove the first arg when running ...

August 20, 2022

CVSS3 - CRITICAL

CVSS2 - MEDIUM

Threat Roundup for August 12 to August 19

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDbBfe7re3_GTXSXxhXHE2wNeKNUPJ-Odym2Hj407JIEsoqhaRncqbWWVdFGF8HVFeuFf-9tRYJTDr5Yv3KtHFWHwNNCw0SfBhK253m7gw8NPS3_tw9byysNDzJXeSV6PpKRjM8Z ...

August 19, 2022

Exposure of Resource to Wrong Sphere

Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database stora ...

August 19, 2022

CVSS3 - MEDIUM

Relative Path Traversal

Relative Path Traversal in kubevirt.io/kubevirt.Read More ...

August 19, 2022

crAPI – Completely Ridiculous API

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis8Xu-hQepJDB9yXVDyzUWXRoxOScdM39oll_pLGH4cOBL_49zxgvRn3w3Amh36goTYkPVaZuDmAw9c1bHHOTVh2DxUlBiBZ-Fg5rwccyhUhAbtxe_tmSP1si6dsMcG365i2UcWo ...

August 19, 2022

CVE-2022-36263

StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.Read More ...

August 19, 2022

Improper Authentication

Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2.Read More ...

August 19, 2022

CVSS3 - HIGH

Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specif ...

August 19, 2022

CVSS3 - MEDIUM