Stephane Landelle

Results 236 comments of Stephane Landelle

@ebussieres If you're considering getting this fixed some day, or at least coordinating the effort of possible contributors, you could maybe set up GitHub sponsors or some bug bounty of...

Hard to investigate with the original report being no longer public. Does anyone have a copy? Note: I really find it incredible that the NVD does make a proper copy so...

> @Y4tacker The link referenced in the CVE, https://github.com/Y4tacker/Web-Security/issues/3, is not public. Can you update the CVE to point to a valid link?

@Y4tacker Could you please invite @ebussieres @piotrpolak...

@Y4tacker Thanks! I do have a question for you: would the vulnerability be exploited without Spring?

> ok,public

Actually, it's not. Still 404.

> Please get a backup

I just did, thanks. Then, if this repo is not made public, the link in the CVE is invalid and there's no way for anyone...

COPIED FROM THE ORIGINAL REPO THAT WON'T STAY PUBLIC
================================================

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springboot. First, simply set...

First, are you sure you're referring to actual [Ping WebSocket frames](https://datatracker.ietf.org/doc/html/rfc6455#section-5.5.2), and not applicative Text frames, like what socket.io does? FYI, [it's not possible to send a Ping frame in...

@rjaros87 @vJoeyz Please stick to the 1 ticket = 1 concern rule. This ticket's title is "ws ping from client". If you run into an issue, please open a dedicated...

> I need to check whether the websocket connection is still alive, and as far as I know, this isn't possible right now in Gatling.

I'm not sure we'll implement...