Strapi 3.2.1 until 4.6.0 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token ...
Continue Reading | May 1, 2023
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-cb20f08a4e advisory. - A maliciously crafted HTTP/2 stream could cause excessiv ...
Continue Reading | May 1, 2023
A library for performing OAuth Device flow and Web application flow in Go client apps.
Continue Reading | May 1, 2023
Cybersecurity researchers have disclosed details of a n ...
Continue Reading | May 1, 2023
@strapi/plugin-users-permissions is vulnerable to Authentication Bypass. When using the `AWS Cognito` login provider for authentication, the library doesn't check access or ID tokens generated through ...
Continue Reading | May 1, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading | March 27, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading | March 27, 2023
## Team, May you all be well on your side of the screen. :) *. While doing some research on the https://cal.com/, I was able to find a Pre-Account Takeover vulnerability. ## Proof of concept: *. I have ...
Continue Reading | March 27, 2023