skip to content
Back to GitHub.com
Home Bounties Research Advisories CodeQL Wall of Fame Get Involved Events
codeql icon

CodeQL Wall of Fame

The GitHub Security Lab uses CodeQL to perform variant analysis, an important technique for identifying new types of security vulnerabilities of a given class. The Security Lab and its community shares its knowledge with developers, to benefit both open source and commercial organizations.

The CodeQL Wall of Fame is a (non-exhaustive) list of vulnerabilities that the GitHub Security Lab and our community have found using CodeQL. In most cases these vulnerabilities were detected as a direct result of a query launch. In other cases, CodeQL was used to explore the codebase faster and accelerate the manual audit.

Did you find a new CVE thanks to CodeQL? To see your work displayed on the CodeQL Wall of Fame open a submission.

Want to join us in our mission to improve open source security for all? Choose your own adventure to get started:


dots

GHSL-2023-088: Arbitrary File Read in Ombi - CVE-2023-32322

Ombi, an application that allows users to request specific media from popular self-hosted streaming servers, contains a vulnerability that allows administrators to read arbitrary files on the Ombi host.

Kevin Stubbings

GHSL-2023-022: Command Injection in an Apache Cloudstack CI workflow

Apache Cloudstack is vulnerable to a Command Injection in sonar-check.yml.

Jaroslav Lobacevski

GHSL-2023-077: Arbitrary file write in the File Parameters Jenkins Plugin - CVE-2023-32986

Jenkins File Parameters Plugin 285.v757c5b_67a_c25 and earlier does not restrict a file path in a job parameter, allowing attackers with the Job/Configure permission to upload arbitrary files to the Jenkins controller.

Tony Torralba

GHSL-2023-076: Information disclosure in the Sidebar Link Plug-in for Jenkins - CVE-2023-32985

Sidebar Link Plug-in for Jenkins 2.2.1 and earlier does not restrict a file path parameter in an HTTP endpoint, allowing authenticated attackers to enumerate arbitrary files on the Jenkins controller file system.

Tony Torralba

GHSL-2023-075: Server-Side Request Forgery (SSRF) in the AppSpider Jenkins plugin - CVE-2023-32998, CVE-2023-32999

A Server-Side Request Forgery (SSRF) vulnerability was found in the AppSpider Jenkins plugin. An unauthenticated attacker can leverage this vulnerability to send requests to arbitrary hosts.

Alvaro Munoz

GHSL-2023-072: Several Server-Side Request Forgery (SSRF) vulnerabilities in the Codedx Jenkins plugin - CVE-2023-2195, CVE-2023-2631

Several Server-Side Request Forgery (SSRF) vulnerabilities were found in the Codedx Jenkins plugin. An unauthenticated attacker can leverage this vulnerabilities to send requests to arbitrary hosts.

Alvaro Munoz

GHSL-2023-058_GHSL-2023-059: ZipSlip in Jenkins Pipeline Utility Steps Plugin - CVE-2023-32981

Jenkins Pipeline Utility Steps Plugin 2.15.1 and earlier allows attackers able to manipulate a TAR or ZIP file extracted by the plugin to create or replace any file on the file system.

Tony Torralba

GHSL-2023-055: XML external entity (XXE) or server-side request forgery (SSRF) in SAML SSO Jenkins Plugin - CVE-2023-32991, CVE-2023-32992

Authenticated attackers can send specific HTTP requests that force Jenkins to download and parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller, as well as server-side request forgery.

Tony Torralba

GHSL-2023-001: ReDoS in SQLparse - CVE-2023-30608

SQLparse has a ReDoS (regular expression denial of service) in the parser for SQL expressions.

Erik Krogh Kristensen

GHSL-2023-051: Command Injection in React Native OneSignal SDK - CVE-2023-28430

React Native OneSignal SDK repository is vulnerable to a Command Injection in Zapier.yml.

Jorge Rosillo

GHSL-2023-027: Command Injection in Cocos - CVE-2023-26493

Cocos Engine is vulnerable to a Command Injection in web-interface-check.yml.

Jorge Rosillo

GHSL-2022-129: XML External Entity (XXE) injection in GeoNode - CVE-2023-26043

GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.

Jorge Rosillo

GHSL-2022-094: Remote Code Execution in discordrb - CVE-2023-28102

The encode_file method may lead to remote code execution if invoked with untrusted user-controlled data.

Erik Krogh Kristensen

GHSL-2021-110: ReDoS in validators

validators contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).

Erik Krogh Kristensen, Rasmus Petersen

GHSL-2021-109: ReDoS in textacy

textacy contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).

Erik Krogh Kristensen, Rasmus Petersen

GHSL-2022-131: XML External Entities (XXE) injection in OWSLib - CVE-2023-27476

OWSLib does not disable entity resolution for XML parsing, leading to XML External Entities (XXE) injection.

Jorge Rosillo

GHSL-2022-074: Arithmetic overflow in sysstat - CVE-2022-39377

On 32 bit systems, an arithmetic overflow present in allocate_structures can be triggered when displaying activity data files and may lead to a variety of exploit primitives due to an incorrectly sized buffer.

Kevin Stubbings

GHSL-2020-295: ReDoS (Regular Expression Denial of service) in is.js - CVE-2020-26302

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2022-070_GHSL-2022-072: SQL injection in Arches - CVE-2022-41892

The Arches project contains multiple blind SQL injection vulnerabilities, that allow an attacker to query the underlying database.

Sylwia Budzynska

GHSL-2022-028: Copy/paste cross-site scripting (XSS) in codex-team

codex-team/editor.js is vulnerable to XSS attacks when copy/pasting specially crafted input into the editor.

Stephan Brandauer, Erik Krogh Kristensen, Daniel Santos

GHSL-2022-073: Denial of Service (DoS) in Fat Free CRM - CVE-2022-39281

A denial of service vulnerability existed in Fat Free CRM where an authenticated attacker could have prevented the web application from handling any requests.

Peter Stöckli

GHSL-2022-069: Remote Code Execution (RCE) in CircuitVerse - CVE-2022-36038

A remote code execution (RCE) vulnerability in CircuitVerse allowed authenticated attackers to execute arbitrary code via specially crafted JSON payloads.

Peter Stöckli

GHSL-2022-063: Remote Code Execution (RCE) in Arvados Workbench - CVE-2022-36006

A remote code execution (RCE) vulnerability in the Arvados Workbench allowed authenticated attackers to execute arbitrary code via specially crafted JSON payloads.

Peter Stöckli

GHSL-2022-062: Arbitrary File Read in Tasks.org Android app - CVE-2022-39349

A malicious or compromised application in the same device could force Tasks.org to copy files from its internal storage to the external storage directory, where they become accessible to any component with permission to read the external storage.

Tony Torralba

GHSL-2022-033_GHSL-2022-034: SpEL Injection in Nepxion/Discovery - CVE-2022-23463, CVE-2022-23464

Nepxion/Discovery is vulnerable to SpEL Injection in discovery-commons and a potential SSRF in discovery-plugin-admin-center.

Jorge Rosillo

GHSL-2022-025: Regular Expression Denial of Service (ReDoS) in Apache OFBiz - CVE-2022-29158

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Specially crafted URLs may cause catastrophic backtracking, taking exponential time to complete.

Tony Torralba, Joseph Farebrother

GHSL-2022-029: XSS in Toast UI Grid - CVE-2022-23458

The nhn/tui.grid component is vulnerable to XSS attacks when pasting specially crafted content into editable cells.

Erik Krogh Kristensen, Stephan Brandauer, Daniel Santos

GHSL-2022-021: Regular Expression Denial of Service (ReDoS) in Apache Tika - CVE-2022-30126, CVE-2022-33879

Apache Tika up to version 1.28.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles standard references in text files. Specially crafted files may cause catastrophic backtracking, taking exponential time to complete.

Tony Torralba, Joseph Farebrother, Jaroslav Lobačevski

GHSL-2022-001: Deserialization vulnerability in Orckestra C1 CMS - CVE-2022-24789

Deserialization of untrusted data allows for Server Side Request Forgery (SSRF) or arbitrary file truncation.

Jaroslav Lobacevski

GHSL-2022-046: Arbitrary Intent in WordPress for Android leads to read and write access

The WordPress for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in WordPress for Android.

Tony Torralba

GHSL-2021-111: ReDoS (Regular Expression Denial of Service) in Dependency Parser - CVE-2022-39280

Dependency Parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).

Erik Krogh Kristensen, Rasmus Petersen

GHSL-2021-1035: Cross-Site Scripting (XXS) in Cockpit Next - CVE-2021-32857

Bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues.

Erik Krogh Kristensen

GHSL-2021-1034: HTML sanitizer bypass leading to XSS in esdoc-publish-html-plugin - CVE-2021-32858

The esdoc-publish-html-plugin HTML sanitizer can be bypassed which may lead to cross-site scripting (XSS) issues.

Erik Krogh Kristensen

GHSL-2021-070: Command injection in react-dev-utils - CVE-2020-1920

There exists a command injection in the react-dev-utils npm package, which is a part of Facebook's facebook/create-react-app repository.

Erik Krogh Kristensen

GHSL-2021-1007: SQL Injection and insufficient permission control in Nextcloud Android app - CVE-2021-43863, CVE-2021-41166

The Nextcloud Android app uses content providers to manage its data. The providers FileContentProvider and DiskLruImageCacheFileProvider have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system.

GitHub Security Lab

GHSL-2021-1033: Intent URI permission manipulation in Nextcloud News for Android - CVE-2021-41256

The Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android.

GitHub Security Lab

GHSL-2021-100: ReDoS (Regular Expression Denial of Service) in Octobox - CVE-2021-32848

A user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability.

Nick Rolfe

Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution - CVE-2021-43267

SentinelLabs discovered a heap overflow vulnerability in the TIPC module of the Linux Kernel.

Max Van Amerongen

GHSL-2021-102: ReDoS (Regular Expression Denial of Service) in Fluentd - CVE-2021-41186

parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.

Nick Rolfe

GHSL-2021-118: ReDoS (Regular Expression Denial of Service) in Zulip - CVE-2021-41115

Zulip contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).

Erik Krogh Kristensen, Rasmus Petersen

GHSL-2020-348: ReDoS (Regular Expression Denial of Service) in DevExtreme

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-304: ReDoS (Regular Expression Denial of Service) in CyberChef

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-292: ReDoS (Regular Expression Denial of Service) in CKEditor 5 - CVE-2021-21254

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

Hunting for XSS with CodeQL

Writing a query to find clipboard-based XSS bugs.

Daniel Santos

GHSL-2021-098: ReDoS in OpenProject - CVE-2021-32763

A user of the system can post a message on a forum containing a specifically crafted string that will trigger a ReDoS vulnerability.

Nick Rolfe

GHSL-2020-310: ReDoS (Regular Expression Denial of Service) in Rocket Chat - CVE-2021-32832

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-258: ZipSlip vulnerability in bblfshd - CVE-2021-32825

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.

Chris Smowton

GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE-2021-32824

Multiple vulnerabilities have been found in Apache Dubbo enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers.

Alvaro Munoz

GHSL-2021-075: Path injection in Django - CVE-2021-33203

A Path Injection issue was found in django that allows a malicious admin user to disclose the presence of files on the file-system if the module django.contrib.admindocs is enabled.

Rasmus Lerchedahl Petersen, Rasmus Wriedt Larsen

GHSL-2020-293: Regular expression Denial of Service in react-native - CVE-2020-1920

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-345: Regular expression Denial of Service in mootools - CVE-2021-32821

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2021-032: Template object injection in Mailtrain - CVE-2021-27136

Dangerous usage of the template rendering API may lead to Cross Site Scripting (XSS), file disclosure, and Remote Code Execution (RCE).

Agustin Gianni

GHSL-2020-373: Command injection in node-notifier

node-notifier recently addressed a command injection vulnerability with an insufficient fix, resulting in command injection through malicious input still being possible.

Erik Krogh Kristensen

GHSL-2020-357: ReDoS (Regular Expression Denial of Service) in amazeui

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-352: ReDoS (Regular Expression Denial of Service) in revalidator

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-350: ReDoS (Regular Expression Denial of Service) in ng2-validation

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-339: Command Injection vulnerability in OMF

A Command Injection vulnerability has been found in Open Modeling Framework (OMF)

GitHub Security Lab

GHSL-2020-336: reflected Cross-Site scripting (XSS) in analytics-quarry-web - CVE-2020-36324

A reflected Cross-Site scripting (XSS) vulnerability has been found in analytics-quarry-web

Rasmus Wriedt Larsen

GHSL-2020-358: Regular expression Denial of Service in Schema-Inspector

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-349: ReDoS (Regular Expression Denial of Service) in date-and-time - CVE-2020-26289

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-343: ReDoS (Regular Expression Denial of Service) in Vant

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-359: ReDoS (Regular Expression Denial of Service) in etherpad-lite

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2021-030: ReDoS (Regular expression Denial of Service in CodeMirror

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-257: The unsafe handling of symbolic links in an unpacking routine in oras - CVE-2021-21272

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.

Chris Smowton

GHSL-2020-308: ReDoS (Regular Expression Denial of Service) in TinyMCE

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-299: ReDoS (Regular Expression Denial of Service) in simple-markdown

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-294: ReDoS (Regular Expression Denial of Service) in jquery.validation - CVE-2021-21252

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-311: Regular Expression Denial of Service in SquadCal

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-309: Regular Expression Denial of Service in Fast-csv - CVE-2020-26256

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-307: Regular Expression Denial of Service in CodeMirror

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-306: Regular Expression Denial of Service in highlight.js

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-300: Regular Expression Denial of Service in markdown-to-jsx

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-298: Regular Expression Denial of Service in Metro-UI-CSS

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)

Erik Krogh Kristensen

GHSL-2020-262: Unsafe handling of symbolic links in go-slug unpacking routine - CVE-2020-29529

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.

Chris Smowton

GHSL-2020-261: Unsafe handling of symbolic links in oc unpacking routine - CVE-2020-27833

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.

Chris Smowton

GHSL-2020-256: Unsafe handling of symbolic links in dbdeployer unpacking routine - CVE-2020-26277

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.

Chris Smowton

GHSL-2020-252: Unsafe handling of symbolic links in archiver unpacking routine

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.

Chris Smowton

Variant analysis of the ‘Sequoia’ bug

Variant analysis of the Sequoia bug discovered by the Qualys Research team, identified by CVE-2021-33909.

Jordy Zomer

GHSL-2020-212: Template injection in Cron-utils - CVE-2020-26238

A Template Injection was identified in Cron-Utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability

Alvaro Munoz

GHSL-2020-204: Server-Side Template Injection in Corona Warn App Server

A Server-Side Template Injection was identified in Corona Warn App Server enabling attackers to inject arbitrary Java EL expressions, leading to un-auth Remote Code Execution (RCE) vulnerability

Alvaro Munoz

GHSL-2020-145: Command injection on Windows in Opener

Although code execution is part of the intended purpose of Opener, a crafted url can run an arbitrary shell command rather than just launching a browser.

GitHub Security Lab

GHSL-2020-126: Open URL redirect in Orange Forum 1.x.x

There exists an `Open URL redirect` vulnerability in the 1.x.x branch of Orange Forum. An attacker can send an Orange Forum user a crafted link targeting the login page of Orange Forum, redirecting to a malicious site.

GitHub Security Lab

GHSL-2020-109: Command injection in codecov

The `upload` method has a command injection vulnerability. Clients of the `codecov-node` library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

GitHub Security Lab

GHSL-2020-086, 087, 088, 089 - Server-Side Template Injection in Apache Camel - CVE-2020-11994

Apache Camel FreeMarker, Velocity, MVEL and Moustache components are vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) or Arbitrary File Disclosure.

Alvaro Munoz

GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496

Apache OfBiz is vulnerable to pre-auth Remote Code Execution (RCE) via unsafe deserialization.

Alvaro Munoz

GHSL-2020-068: Cross-Site Scripting in Apache OfBiz - CVE-2020-9496

Apache OfBiz is vulnerable to Reflected Cross-Site Scripting through POST request

Alvaro Munoz

GHSL-2020-055: Server-Side Template Injection in Apache Syncope (RCE) - CVE-2019-17557

The GitHub Security Lab team has identified several potential security vulnerabilities in Apache Syncope, including RCE and XSS.

Alvaro Munoz

GHSL-2020-029: Server-Side template injection in Apache Syncope (RCE) - CVE-2020-1959

The GitHub Security Labs team has identified a Server-Side template injection vulnerability in Apache Syncope, which leads to RCE.

Alvaro Munoz

GHSL-2020-085: Open redirect vulnerability in Sourcegraph - CVE-2020-12283

By exploiting an open redirect vulnerability, an attacker could potentially redirect a victim to any arbitrary URL and access their OAUTH token.

Alvaro Munoz

GHSL-2020-030: Server-Side Template Injection in Dropwizard

Server-Side Template Injection in Dropwizard leading to Remote Code Execution (RCE).

Alvaro Munoz

GHSL-2020-015: Remote Code Execution - Bypass of CVE-2018-16621 mitigations in Nexus Repository Manager

High privileged users can bypass the existing mitigations and inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.

Alvaro Munoz

GHSL-2020-014: Remote Code execution - Dynamic Code Evaluation via Scheduled Tasks in Nexus Repository Manager

It is possible for a user with the right permissions to execute arbitrary groovy or javascript scripts resulting in remote code execution.

Alvaro Munoz

GHSL-2020-013: Remote Code Execution - Dynamic Code Evaluation via Scripts in Nexus Repository Manager

It is possible for a user with the right permissions to execute arbitrary groovy or javascript scripts resulting in remote code execution.

Alvaro Munoz

GHSL-2020-012: Remote Code Execution - JavaEL Injection (high privileged accounts) in Nexus Repository Manager

High privileged users can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.

Alvaro Munoz

GHSL-2020-016: Persistent Cross-Site scripting in Nexus Repository Manager

An attacker with elevated privileges can create content selectors with a specially crafted name using the REST API, which when viewed by another user can execute arbitrary JavaScript in the context of the NXRM application.

Alvaro Munoz

GHSL-2020-011: Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Attackers can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.

Alvaro Munoz

GHSL-2020-028: Server-Side Template Injection in Netflix Titus

A Server-Side Template Injection was identified in Netflix Titus enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Alvaro Munoz

GHSL-2020-027: Server-Side Template Injection in Netflix Conductor

A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Alvaro Munoz