This Week in Spring – February 21, 2023

Hi, Spring fans! Welcome to another installment of _This Week in Spring_! How're you? I almost forgot today was Tuesday! Here in the US, we had a three-day weekend for Presidents' Day, and also I've b ...

File Access Bypass

graphql-mesh/cli and graphql-mesh/http are vulnerable to File Access Bypass. The vulnerability is due to the `staticFiles` parameter in the configuration file being set to `serve`, which allows an att ...

Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler

Summary: Missing check vulnerability in the static file handler allows any client to access the files in the server's file system.

Details: When `staticFiles` is set in the `serve` settings in th ...

CVE-2022-3411

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue descript ...

A Bootiful Podcast: Avalara’s Kumaresan Muthaliar on GraphQL in the heavily regulated, data intensive domain of tax

Hi, Spring fans! In this installment Josh Long (@starbuxman) talks to Kumaresan Muthaliar, senior technical lead at Avalara, about GraphQL in the heavily regulated, data intensive domain of ta ...

CVE-2022-3411

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
