Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests.

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

A vulnerability was found in spider-flow up to 0.5.0. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. VDB-240866 is the identifier assigned to this vulnerability.