In Keycloak versions before 25.0.6 a medium severity vulnerability CVE-2023-6841 was detected. This vulnerability allows attackers to initiate a denial of service by sending repeated HTTP requests, causing resource exhaustion. To fix this issue, users should upgrade Keycloak to version 25.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-6841.
In the Node.js version before 20.0 a high severity vulnerability CVE-2023-30584 was detected. This vulnerability allows attackers to bypass file permission checks in Node.js by exploiting improper path traversal handling within the experimental permission model. To fix this problem users should upgrade Node.js to version 20.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-30584.
In Node.js versions before 18.20.4 a high severity vulnerability CVE-2024-36138 was detected. This vulnerability allows attackers to inject arbitrary commands and achieve code execution by exploiting improper handling of batch files via `child_process.spawn` and `child_process.spawnSync`. To fix this issue, users must upgrade to version 18.20.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36138.
In Node.js versions before 20.15.0 and 22.4.0 a low severity vulnerability CVE-2024-36137 was detected. This issue affects users of the experimental permission model with the `--allow-fs-write` flag, allowing operations like `fs.fchown` and `fs.fchmod` to use a "read-only" file descriptor to alter file ownership and permissions. To fix this, users should upgrade to version 20.15.1 or 22.4.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36137.
In Node.js versions <= 21.6.0, <= 20.11.0, and <= 18.19.0 a high severity vulnerability CVE-2023-46809 was detected. This vulnerability allows attackers to exploit the Marvin Attack if PKCS #1 v1.5 padding is allowed during RSA decryption using a private key. To fix this issue users should upgrade OpenSSL, or use a dynamically linked version of OpenSSL that is also patched. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-46809.
In Node.js versions 18.x and 20.x a high severity vulnerability CVE-2023-39333 was detected. This vulnerability allows attackers to inject JavaScript code into a WebAssembly module via maliciously crafted export names, potentially gaining access to data and functions that should be restricted. To fix this problem, users should upgrade Node.js to version 20.8.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-39333.
In Node.js versions before 20.0 a high severity vulnerability CVE-2023-30587 was detected. This vulnerability allows attackers to bypass Node.js's experimental permission model restrictions by exploiting the Worker class and the inspector module. To fix this problem users should upgrade Node.js to version 20.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-30587.
In GitLab versions 15.6 to 17.0.5, 17.1 to 17.1.3, and 17.2 to 17.2.1 a medium severity vulnerability CVE-2024-7091 was detected. This vulnerability allows attackers to disclose limited information of an exported group or project to another user. To address this issue, upgrading to the latest version of GitLab is recommended. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7091.
In Apache Airflow version 2.10.0 a low severity vulnerability CVE-2024-45498 was detected. This vulnerability allows attackers to create a fake login page and deceive users into authenticating with attacker-controlled credentials, due to the absence of a unique token in the authentication POST request. To fix this problem, users should upgrade to version 2.10.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45498.