Month: May 2022

corenlp is vulnerable to Improper Restriction of XML External Entity Reference
References

https://nvd.nist.gov/vuln/detail/CVE-2021-3869
https://github.com/stanfordnlp/corenlp/commit/5d83f1e8482ca304db8be726cad89554c88f136a
https://huntr.dev/bounties/…

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
References

https://nv…

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.
References

https://nvd.nist.gov/vuln/…

corenlp is vulnerable to Improper Restriction of XML External Entity Reference
References

https://nvd.nist.gov/vuln/detail/CVE-2021-3878
https://github.com/stanfordnlp/corenlp/commit/e5bbe135a02a74b952396751ed3015e8b8252e99
https://huntr.dev/bounties/…

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, infor…

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper be…

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the str…

In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-28490
https://github.com/reidmefirst/vuln-disclosure/blob/main/2021-01.txt
ht…

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user’s logging infrastructure could then potentially ingest thes…

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-34802
https://neo4j….