Validation Bypass

firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in `decode` and `verify` functions in `JWT.php` because the token validations are not properly handled when multiple keys ...

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attack ...

Multiple security issues in Pomerium’s embedded envoy

Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Po ...

SQL Injection

github.com/flipped-aurora/gin-vue-admin is vulnerable to SQL injection. The vulnerability exists due to insecure handling of special elements used in a PostgreSQL command in `server/service/system/sy ...

CVE-2022-24844

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_co ...

RHEL 8 : Red Hat OpenShift Service Mesh 2.0.9 (RHSA-2022:1276)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1276 advisory. - golang.org/x/text: Panic in language.Pa ...

RHEL 8 : Red Hat OpenShift Service Mesh 2.1.2 (RHSA-2022:1275)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1275 advisory. - envoy: Null pointer dereference when us ...

(RHSA-2022:4690) Important: Red Hat OpenShift GitOps security update

Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...
