security-bulletins
Security Bulletins that relate to Netflix Open Source
Security Bulletins
Below are notifications for security and privacy events within Netflix Open Source applications.
| Date | Type | Subject |
|---|---|---|
| March 30, 2022 | Critical | Format String Vulnerability in ConsoleMe |
| March 23, 2021 | Important | Local Information Disclosure in Priam |
| March 23, 2021 | Important | Local Information Disclosure in Hollow |
| March 10, 2021 | Important | Critical Vulnerability Exposing Private Keys in Lemur |
| December 08, 2020 | Important | SpEL Template injection on Netflix Spinnaker |
| November 6, 2020 | Important | Multiple Access Control Issues in Dispatch |
| November 6, 2020 | Important | Multiple XSS Vulnerabilities in Dispatch |
| August 27, 2020 | Important | Authenticated Server-Side Request Forgery in Orca Spinnaker |
| March 05, 2020 | Important | Server-Side Template Injection in Netflix Titus |
| February 24, 2020 | Important | Server-Side Template Injection in Netflix Conductor |
| June 20, 2019 | Informational | Dial Reference code implementation has Denial of Service |
| January 10, 2018 | Important | Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard |
| April 14, 2017 | Important | Spinnaker Orca RCE and arbitrary file and URL access |
| August 31, 2016 | Important | zuul.filter.admin.enabled Defaults to True |
| June 6, 2016 | Important | Heap Overflow in Dynomite YAML Configuration Parser |
| February 22, 2015 | Important | External Entity Injection 'XXE' in Recipes-rss Open-Source Application |
Below are notifications for security vulnerabilities in third-party software.
| Date | Type | Subject |
|---|---|---|
| August 13, 2019 | Important | HTTP/2 Denial of Service Advisory |
| June 17, 2019 | Important | Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities |
Unfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.