A vulnerability, which was classified as critical, was found in object-path up to 0.11.5. This affects an unknown code. Upgrading to version 0.11.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
object-path up to 0.11.5 currentPath type confusion
- Virtual Patching
- August 27, 2021
- 8:04 pm
Contact us to get started
CVE-2024-34515 : SPATIE IMAGE-OPTIMIZER UP TO 1.7.2 PHAR DESERIALIZATION FILE_EXISTS DESERIALIZATION
Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2…1.7.3 https://github.com/spatie/image-optimizer/pull/211 For
CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING
Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects
CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows