-
In order to enforce check-in criteria for Pull Requests based on build, tests, linting, and more, we need to integrate with a CI/CD solution like Azure Pipelines. This issue should also track which ki…
cn894 updated
5 years ago
-
# Microsoft Security Advisory CVE-2018-0787: ASP.NET Core Elevation Of Privilege Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a v…
-
Package version (if known): v1.2.7 & current (2022-02-16) [InvenioRDM demo](https://inveniordm.web.cern.ch/) install
## Describe the bug
Posting to the REST API (e.g. https://inveniordm.web.cern.…
-
# Microsoft Security Advisory CVE-2023-44487: .NET Denial of Service Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerabilit…
-
I have a situation involving integration between two partner enterprise software vendors that is broken by deprecation of 3rd-party cookies. Please bear with me, because this takes quite a while to se…
-
**Is your feature request related to a problem? Please describe.**
The app I'm working on at the minute is undergoing a security audit. The auditors noticed a GET request adding a JWT token to the qu…
-
Some of our AWS examples assume you have a default VPC, and break if you do not. It is often common security practice to delete an account's default VPC upon creation to avoid accidental ingress/egres…
-
Support the name and version identification of the third-party jar package of Java programs, such as fastjson.jar
Fastjson < 1.2.67 deserialization Remote Code Execution Vulnerability
Traverse t…
-
Similarly to some providers like youtube or plex, setting up a new client could:
1. ask for the server url
2. display a pin like `9F3L`
3. allow user to enter the PIN straight from any other logged…
-
**Describe the bug**
I am testing Authentik with LDAP federation using a TLS-only OpenLDAP. The LDAP server runs on Debian Bookworm with a normal TLS setup, a valid LE cert, TLS 1.2+, etc.
The A…