Hello oss-sec,
Multiple issues have been discovered in ingress-nginx that can result in
arbitrary code execution in the context of the ingress-nginx controller.
This can lead to disclosure of Secrets accessible to the controller. (Note
that in the default installation, the controller can access al

Affected versions:
- Apache VCL 2.1 through 2.5.1
Description:
Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability in Apache VCL in the User Lookup form. A user with
sufficient rights to be able to view this part of the site can craft a URL or
be

Affected versions:
- Apache VCL 2.2 through 2.5.1
Description:
Improper Neutralization of Special Elements used in an SQL Command ('SQL
Injection') vulnerability in Apache VCL. Users can modify form data submitted
when requesting a new Block Allocation such that a SELECT SQL statement is
modi

Severity: low
Affected versions:
- Apache Commons VFS before 2.10.0
Description:
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.
The FileObject API in Commons VFS has a 'resolveFile' method that
takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises th

On Mon, Mar 24, 2025 at 02:38:17PM -0500, Tabitha Sable wrote:
> Hello oss-sec,
>
> Multiple issues have been discovered in ingress-nginx that can result in
> arbitrary code execution in the context of the ingress-nginx controller.
> This can lead to disclosure of Secrets accessible to the control