Steven Johnstone

icon company Smarter Grid Solutions icon location Glasgow

Results 6 comments of Steven Johnstone

Version installed from luarocks vulnerable to CVE-2018-11218

It appears that the rock uploaded to https://luarocks.org/dev predates https://github.com/antirez/lua-cmsgpack/commit/7b989b5b1c2523ae636c41a48c46a8516a0bb1e1#diff-5775114da613405f773d31b7d96775b6 so doesn't install correctly.

Vulnerable to Man-In-The-Middle (MITM) attacks

I can have a stab at fixing this. Broad strokes... Luasec can be made to do the right thing on Debian without much fuss e.g. something along these lines (with...

Vulnerable to Man-In-The-Middle (MITM) attacks

> Wildcard certs are also a thing. Absolutely: making no claims at completeness, this is just a quick exploration of what can be done already with luasec without changing it....

Vulnerable to Man-In-The-Middle (MITM) attacks

> > Yep, in a perfect world, it'd expose the interface X509_check_host(). I > > That function hasn't been recommended in several years. > Since OpenSSL 1.0.2 (released 2015; and...

Vulnerable to Man-In-The-Middle (MITM) attacks

Maybe worth adding a [security advisory](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/about-github-security-advisories) for this issue?

Error Newlines in headers are not allowed

As a workaround, you can add a newline manually after the insertion point: ![image](https://github.com/federicodotta/Java-Deserialization-Scanner/assets/6546704/b12f523c-822b-4628-9ecb-06eee2d3da3f)