LRVT
The demo site discloses the detailed Apache webserver version in the "Server:" HTTP response header. This detailed information may be used by attackers to identify outdated software versions that are...
Hi all, uploading files with potentially harmful HTML or JavaScript characters allows for XSS. Example file name: `Sun'>set.jpg` I tested the issue on the official demo site and assume that...
**Describe the bug** The following API endpoints do not require authentication: - /api/server-info/version - /api/server-info - /api/server-info/ping **To Reproduce** Steps to reproduce the behavior: Visit the following links without being...
### Is there an existing issue for this? - [X] I have searched the existing issues ### Current behavior When I upload an SVG image file into a plane issue,...
**Before you open an issue please check which version you are running and whether it is the latest in stable / dev branch** I am running version `commit 27c77071ebd03ce88c2605b6f42768ff1d55b4bf` and...
### Steps To Reproduce 1. Define the docker-compose.yml file as mentioned on https://bitwarden.com/help/install-and-deploy-unified-beta/ 2. Define settings.env from https://github.com/bitwarden/server/blob/master/docker-unified/settings.env 3. Run `docker compose up` docker-compose.yml: ```` version: "3.8" services: bitwarden-unified: container_name:...
Implement fix to fall back to `linux` if the env variable `DEPLOY_PLATFORM` was not set by the user. This fixes the warning message when `docker compose config` is run on the...
## Please check if the PR fulfills these requirements > - [x] The commit message follows our contribution guidelines > - [x] This change does not contain any possible security...
Windows sensors will install a new service called `impulse-agentd`. This service is executing the `nssm.exe` binary. However, the service does not quote the service path. This may lead to a...
## Overview VoucherVault currently restricts item management and inspection to the user who created the item. This architecture, designed with security and privacy in mind, has no provisions for sharing...