CVE-2022-43985 - How an Open Redirect in Apache Airflow’s `/confirm` Endpoint Could Expose Your Users
In today’s security-conscious world, even small missteps in web applications can open the door to big troubles. CVE-2022-43985 is a great
CVE-2022-42813 - Unpacking the WKWebView Certificate Validation Bug—From Exploit to Patch
Published: July 2024
Introduction
Apple’s operating systems—macOS, iOS, iPadOS, watchOS, and tvOS—are built with security in mind. However, from time to time,
CVE-2022-31690 - Privilege Escalation Vulnerability in Spring Security OAuth2 (Full Breakdown & Exploit Insight)
In late 2022, a security flaw was discovered in Spring Security's OAuth2 support that exposes web applications to privilege escalation attacks. Known as
CVE-2022-42466 - An end user could set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value is saved.
This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder,
CVE-2022-42980 - go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
If you are using GoCD, then you do not have to worry about this. GoCD will generate a new JWT for you