In Node.js versions <= 21.6.0, <= 20.11.0, and <= 18.19.0, a high severity vulnerability, CVE-2023-46809, was detected. This vulnerability allows attackers to exploit the Marvin Attack if PKCS #1 v1.5 padding is allowed during RSA decryption using a private key. To fix this issue, users should upgrade OpenSSL, or use a dynamically linked version of OpenSSL that is also patched. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-46809.
Category: Application Development

In Node.js versions 18.x and 20.x, a high severity vulnerability, CVE-2023-39333, was detected. This vulnerability allows attackers to inject JavaScript code into a WebAssembly module via maliciously crafted export names, potentially gaining access to data and functions that should be restricted. To fix this problem, users should upgrade Node.js to version 20.8.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-39333.
Category: Application Development

In Node.js versions before 20.0, a high severity vulnerability, CVE-2023-30587, was detected. This vulnerability allows attackers to bypass the restrictions of Node.js's experimental permission model by exploiting the Worker class and the inspector module. To fix this problem, users should upgrade Node.js to version 20.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-30587.
Category: Application Development

In GitLab versions 15.6 to 17.0.5, 17.1 to 17.1.3, and 17.2 to 17.2.1, a medium severity vulnerability, CVE-2024-7091, was detected. This vulnerability allows attackers to disclose limited information about an exported group or project to another user. To address this issue, upgrading to the latest version of GitLab is recommended. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-7091.
Category: Developer Tools

In Apache Airflow version 2.10.0, a low severity vulnerability, CVE-2024-45498, was detected. This vulnerability allows attackers to create a fake login page and deceive users into authenticating with attacker-controlled credentials, due to the absence of a unique token in the authentication POST request. To fix this problem, users should upgrade to version 2.10.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45498.
Category: Data Analytics

In Apache Airflow versions before 2.10.1, a high severity vulnerability, CVE-2024-45034, was detected. This vulnerability allows DAG authors to add local settings to the DAG folder, which can be executed by the scheduler, bypassing its intended restrictions. To fix this problem, users should upgrade to version 2.10.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45034.
Category: Data Analytics

In Keycloak versions prior to 24.0.6, a medium severity vulnerability, CVE-2024-7318, was detected. This vulnerability allows expired OTP codes to remain valid for an extra 30 seconds, extending the attack window and making two OTPs valid simultaneously. To fix this problem, users should upgrade Keycloak to version 24.0.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7318.
Category: Security

In Keycloak versions before 24.0.7, a medium severity vulnerability, CVE-2024-7260, was detected. This vulnerability allows attackers to craft a URL that tricks users or automation into visiting a malicious webpage by exploiting the referrer and referrer_uri parameters. To fix this issue, administrators should carefully validate and sanitize URL parameters and upgrade to version 24.0.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7260.
Category: Security

In Apache HTTP Server versions 2.4.0 through 2.4.59, a critical severity vulnerability, CVE-2024-38474, was detected. This vulnerability allows attackers to execute scripts in restricted directories, or to expose sensitive scripts meant for CGI execution only, due to an unsafe substitution encoding issue. To fix this problem, users should upgrade Apache HTTP Server to version 2.4.60. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38474.
Category: Application Development