-
Some of our AWS examples assume you have a default VPC, and break if you do not. It is often common security practice to delete an account's default VPC upon creation to avoid accidental ingress/egres…
-
**Vulnerabilities**
DepShield reports that this application's usage of [lodash.memoize:4.1.2](https://ossindex.sonatype.org/component/pkg:npm/lodash.memoize@4.1.2) results in the following vulnerabil…
-
**Vulnerabilities**
DepShield reports that this application's usage of [lodash.uniq:4.5.0](https://ossindex.sonatype.org/component/pkg:npm/lodash.uniq@4.5.0) results in the following vulnerability(s)…
-
**Vulnerabilities**
DepShield reports that this application's usage of [lodash.debounce:4.0.8](https://ossindex.sonatype.org/component/pkg:npm/lodash.debounce@4.0.8) results in the following vulnerab…
-
spin-off from https://github.com/OWASP/ASVS/issues/1916 "Discussion/Proposal 1"
The [summary](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#section-6.3.3.3) for browser …
-
https://github.com/mozilla/positron/blob/master/positron/electron/lib/browser/rpc-server.js#L46 checks if a prototype object is strictly equal to _Object.prototype_, i.e. `proto === Object.prototype`.…
-
```
We're running on 64-bit Ubuntu with the following versions installed (as part
of the script):
eventlog_0.2.12.tar.gz
syslog-ng_3.2.2.tar.gz
elsa-0.1.1.tar.gz
We're trying to write a new parser…
-
### Finding Description
Your application is using `addJavascriptInterface()`. This may allow an attacker to execute arbitrary code on Android devices. The vulnerability is exploited by injecting Java…
-
### Describe the bug
This one took hours to track down, and I'm not sure where to look beyond that it seems to be Formie and spam submission related bug of some sort.
We have been hitting issues o…
-
**Describe the bug**
I am testing Authentik with LDAP federation using a TLS-only openLDAP. The LDAP server runs on Debian Bookworm with a normal TLS setup, a valid LE cert, TLS 1.2+, etc.
The A…