andikahilmy

165 exploits Active since Aug 2013
CVE-2022-23457 NOMISEC HIGH STUB
OWASP Enterprise Security API < 2.3.0.0 - Path Traversal via Validator.getValidDirectoryPath
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.
CVSS 7.5
CVE-2022-29599 NOMISEC CRITICAL WORKING POC
Apache Maven maven-shared-utils <3.3.3 - Command Injection
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
CVSS 9.8
CVE-2021-31684 NOMISEC HIGH WRITEUP
json-smart-v1 1.3-1.3.2 and 2.4-2.4.3 - Denial of Service via JSONParserByteArray indexOf Function
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
CVSS 7.5
CVE-2021-36090 NOMISEC HIGH WORKING POC
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 7.5
CVE-2021-35516 NOMISEC HIGH WORKING POC
Apache Commons Compress 1.6-1.19 - Denial of Service via Malicious 7Z Archive
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVSS 7.5
CVE-2021-35515 NOMISEC HIGH WRITEUP
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVSS 7.5
CVE-2021-43859 NOMISEC HIGH STUB
XStream <1.4.19 - DoS
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
CVSS 7.5
CVE-2021-41269 NOMISEC CRITICAL WRITEUP
cron-utils < 9.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known.
CVSS 10.0
CVE-2021-35517 NOMISEC HIGH WORKING POC
Apache Commons Compress 1.1-1.19 - Denial of Service via Malicious TAR Archive
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CVSS 7.5
CVE-2021-20190 NOMISEC HIGH WORKING POC
jackson-databind < 2.9.10.7 - Deserialization of Untrusted Data
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 8.1
CVE-2020-9547 NOMISEC CRITICAL
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via com.ibatis.sqlmap Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CVSS 9.8
CVE-2020-9546 NOMISEC CRITICAL WORKING POC
jackson-databind 2.7.0-2.7.9.6 - Deserialization of Untrusted Data via HikariConfig Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVSS 9.8
CVE-2020-35490 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVSS 8.1
CVE-2020-35217 NOMISEC HIGH WORKING POC
Vert.x-Web 4.0.0-milestone1-4.0.0-milestone4 - Cross-Site Request Forgery via Incorrect Token Verification
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
CVSS 8.8
CVE-2020-9548 NOMISEC CRITICAL WORKING POC
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via anteros-core Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVSS 9.8
CVE-2021-21363 NOMISEC MEDIUM WORKING POC
swagger-codegen < 2.4.19 - Local Privilege Escalation via Temporary Directory Race Condition
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This vulnerability is local privilege escalation because the contents of the `outputFolder` can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled. For more details refer to the referenced GitHub Security Advisory. This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21364.
CVSS 5.3
CVE-2020-36518 NOMISEC HIGH STUB
jackson-databind < 2.13.0 - Denial of Service via Nested Object Depth
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS 7.5
CVE-2020-36186 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVSS 8.1
CVE-2020-36185 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-36187 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-36188 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via JNDIConnectionSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVSS 8.1
CVE-2020-36189 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVSS 8.1
CVE-2020-28491 NOMISEC HIGH STUB
jackson-dataformats-binary < 2.11.4 - Denial of Service via Unchecked Byte Buffer Allocation
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CVSS 7.5
CVE-2020-35491 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-7692 NOMISEC HIGH STUB
Google OAuth Client Library for Java < 1.31.0 - Incorrect Authorization via Missing PKCE Implementation
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
CVSS 7.4