netshoot

Critical Vulnerabilities - Authorization Bypass

Open KyrreHaugland opened this issue 2 years ago • 0 comments

Hi, really awesome project. I have found two critical vulnerabilities. Is it possible to remove them?

https://nvd.nist.gov/vuln/detail/CVE-2022-1996 - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

https://nvd.nist.gov/vuln/detail/CVE-2019-20933 - InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

KyrreHaugland Feb 16 '24 07:02
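One way to triage a report like this is to read the module list that `go version -m <binary>` prints for each Go binary in the image and compare it with the fixed versions quoted above. The sketch below is an added example, not code from the issue or from the netshoot project; the module paths and the sample build info are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// First fixed version per module, as quoted in the issue. Module paths are assumptions.
var fixedIn = map[string][3]int{
	"github.com/emicklei/go-restful":    {3, 8, 0}, // CVE-2022-1996
	"github.com/emicklei/go-restful/v3": {3, 8, 0}, // CVE-2022-1996
	"github.com/influxdata/influxdb":    {1, 7, 6}, // CVE-2019-20933
}

// Constructed sample of `go version -m` output, not taken from the netshoot image.
const sample = "/usr/local/bin/tool: go1.19.4\n" +
	"\tdep\tgithub.com/emicklei/go-restful/v3\tv3.7.0\th1:constructed=\n" +
	"\tdep\tgithub.com/influxdata/influxdb\tv1.7.6\th1:constructed=\n"

// belowFix reports whether v sorts before fix; suffixes are ignored, unparseable versions are flagged.
func belowFix(v string, fix [3]int) bool {
	var got [3]int
	if n, _ := fmt.Sscanf(v, "v%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return true
	}
	for i := range got {
		if got[i] != fix[i] {
			return got[i] < fix[i]
		}
	}
	return false // equal to the fixed version
}

// Findings returns "module@version" for every tracked module below its fix.
func Findings(buildInfo string) []string {
	var hits []string
	for _, line := range strings.Split(buildInfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || (f[0] != "dep" && f[0] != "mod") {
			continue
		}
		if fix, ok := fixedIn[f[1]]; ok && belowFix(f[2], fix) {
			hits = append(hits, f[1]+"@"+f[2])
		}
	}
	return hits
}

func main() { fmt.Println(Findings(sample)) }
```

A hit means only that the module version is linked into the binary; whether the affected handler code is reachable still has to be checked per tool.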