CVE-2022-1438 - Uncovering an XSS Vulnerability in Keycloak's User Impersonation
Keycloak is a widely used, open source identity and access management solution. It powers authentication flows for countless organizations. In 2022, a security flaw—CVE-2022-1438—
CVE-2023-4853 - Quarkus HTTP Security Policy Bypass – How Attackers Might Slip Through Undetected
Published: June 2024
Introduction
Recently, a critical security vulnerability, CVE-2023-4853, was discovered in Quarkus, a popular Java framework. This bug allows attackers to bypass HTTP
CVE-2023-34047 - Understanding and Exploiting the Batch Loader Context Leak in Spring for GraphQL
Spring for GraphQL is a framework that helps Java developers build GraphQL APIs easily. If you're using GraphQL with Spring Boot, there'
CVE-2023-41900 - Weak Authentication Flaw in Jetty OpenIdAuthenticator
Jetty is a widely used Java-based web server and servlet engine, valued for its speed and flexibility. But in 2023, a significant vulnerability—CVE-2023-41900—was
CVE-2023-40167 - Jetty HTTP/1 Header Parsing Vulnerability Explained
Jetty is a popular Java-based web server and servlet engine used in millions of applications, both for development and production purposes. In 2023, a subtle