planetscale.com

www.nodejs-security.com
A deep dive into an SSRF bypass vulnerability in the popular npm package `private-ip`. Learn how a blind spot in its private IP validation logic can expose your application to potential SSRF attacks.

www.nodejs-security.com
Dive into a critical vulnerability in a popular npm package called `nossrf`. This package aims to shield applications from Server-Side Request Forgery (SSRF) attacks by validating user-provided URLs. However, a clever bypass technique renders these safeguards ineffective. Let's dissect the issue and understand how to stay protected.

citizen428.net
bundler-audit is a small utility which can check your Gemfile's contents against the Ruby Advisory Database. You can simply run it via bundle audit and it will report insecure gem sources as well as library versions that have known vulnerabilities:

$ bundle audit
Insecure Source URI found: git://github.com/compass/compass-rails.git
Insecure Source URI found: git://github.com/sinatra/sinatra.git
Name: nokogiri
Version: 1.8.2
Advisory: CVE-2018-8048
Criticality: Unknown
URL: https://github.com/sparklemotion...

blog.quarkslab.com
Join us in our journey into modern Android's Data Encryption at rest, in which we study how it works and assess how resistant it is against attackers having access to a range of high end software vulnerabilities.