CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

CVE-2024-23675 In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

CVE-2024-23659 SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/.

CVE-2024-23644 Trillium is a composable toolkit for building internet applications with async Rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers.