CVE-2022-4245 - The Hidden Danger in Codehaus-Plexus XmlWriterUtil’s Comment Handling
In late 2022, a subtle but potentially serious vulnerability was uncovered in a widely used Java utility library, Codehaus-Plexus, specifically in the XML utilities it
CVE-2023-40167 - Jetty HTTP/1 Header Parsing Vulnerability Explained
Jetty is a popular Java-based web server and servlet engine used in millions of applications, both for development and production purposes. In 2023, a subtle
CVE-2023-42503 - Exploiting Improper Input Validation in Apache Commons Compress (TAR Parsing) for Denial of Service
In late 2023, security researchers identified a Denial of Service (DoS) vulnerability in the Apache Commons Compress library, affecting versions 1.22 through 1.23.
CVE-2023-41081 - Authentication Bypass in Apache Tomcat Connectors (mod_jk) Explained in Simple Terms
Date disclosed: 2023-09-13
Updated summary: 2023-09-28
Impacted Software: Apache Tomcat Connectors (mod_jk) 1.2. – 1.2.48
Fixed in: mod_jk version 1.2.
CVE-2023-40712 - Unmasking Secret Configurations in Apache Airflow Before 2.7.1
Apache Airflow is an open-source tool used by thousands of companies to programmatically author, schedule, and monitor workflows. However, a critical vulnerability has been discovered