Hi,
Thank you for bringing this in here, Alan!
On Sat, Apr 12, 2025 at 08:58:59AM -0700, Alan Coopersmith wrote:
> https://blog.quarkslab.com/security-audit-of-php-src.html announces the
> completion of a security audit of PHP by Quarkslab, thanks to funding
> provided by Sovereign Tech Fund to T
Hi,
I tried to come up with a better test case / regression test for this
bug / fix (a self-contained C program without randomness), but
unexpectedly ran into the bug manifesting itself differently, which may
be relevant to its exploitability. I'll quote a little bit more context
(than I usually
https://blog.quarkslab.com/security-audit-of-php-src.html announces the
completion of a security audit of PHP by Quarkslab, thanks to funding
provided by Sovereign Tech Fund to The Open Source Technology Improvement Fund.
The blog provides details and a link to the audit report for more.
The summ
Severity: moderate
Affected versions:
- Apache SeaTunnel 2.3.1 through 2.3.10
Description:
# Summary
Unauthorized users can perform Arbitrary File Read and Deserialization
attacks by submitting a job using the RESTful api-v1.
# Details
Unauthorized users can access `/hazelcast/rest/maps/submit-job` to s