You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, really awesome project. I have found two critical vulnerabilities is it possible to remove them?
https://nvd.nist.gov/vuln/detail/CVE-2022-1996 - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. https://nvd.nist.gov/vuln/detail/CVE-2019-20933 - InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
The text was updated successfully, but these errors were encountered:
Hi, really awesome project. I have found two critical vulnerabilities is it possible to remove them?
https://nvd.nist.gov/vuln/detail/CVE-2022-1996 - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
https://nvd.nist.gov/vuln/detail/CVE-2019-20933 - InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
The text was updated successfully, but these errors were encountered: