-
Hello,
After issue #275, it seems that OAuth2 with redirection does not work.
Firstly the provided Token URL appears to be ignored and `http://localhost:3000` is always used instead
S…
-
## CVE-2023-4586 - High Severity Vulnerability
Vulnerable Library - infinispan-client-hotrod-11.0.17.Final.jar
Infinispan Hot Rod Client
Library home page: http://www.jboss.org
Path to dependency fi…
-
The package description files are currently updated via 'fink selfupdate' using either CVS or rsync. Both mechanisms send unencrypted traffic that is not protected against tampering. An attacker in a …
-
From the TUF spec, 5.5.2:
> Check against timestamp role’s snapshot hash. The hashes of the new snapshot metadata file MUST match the hashes, if any, listed in the trusted timestamp metadata. Thi…
-
End-to-end encryption using letsencrypt etc. is not very practical.
What do you recommend for a faster end-to-end encryption without going through a third-party service?
I can write code and willing …
-
It is clear that https://rot256.dev/post/pass/ has several good points about issues in the security model of pass (and similarly gopass, as if I understand correctly gopass does things very similar to…
-
In order to be confident about deploying the IPFS service worker we want to ensure security + privacy for users running the service worker.
1. Document all of the implications of running the servic…
-
### Brief description of your issue
Discussion: https://github.com/microsoft/winget-cli/discussions/1903#discussion-3855105
If I run winget list it spins shortly and then the command line turns bl…
-
About 5 years ago I wrote a man-in-the-middle attack for Meridian 59 that would do one very simple thing - it would remove the 'running' flag sent up with the player move event. This causes you to ru…
-
As title, it seems that it uses the `HTTP` protocol to request remote API.
This will not be safe during the HTTP connection and it lets some contents be exposed in the connection.
And the nativv…