CVE-2018-25045

Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.

Debian DSA-5186-1 : djangorestframework – security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5186 advisory. - A flaw was found in Django REST Framework versions before 3.12.0 and b ...

CVE-2022-34112

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

CVE-2022-34113

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

Security update for python-M2Crypto (important)

An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA ...

Cloud Threat Detection: To Agent or Not to Agent?

The shift towards cloud and cloud-native application architectures represe ...

CVE-2021-36200

Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.

CVE-2022-31168

Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administra ...
