Tag
### Summary access_token can be exposed in the error message when an HTTP request fails. ### Details When using this module, the error message for a failed HTTP request can contain the access_token. This can happen when: - the module sends an HTTP request with the query parameter `?access_token=...`, - and the HTTP request fails (errors like `facebook: cannot reach facebook server`). In such a situation, the error message is constructed as follows. https://github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567 The original error message contained in it comes from the `net/http` module, and it can contain the full URL, which can contain the query parameter `access_token`: https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633 https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30 It should be very common for applications to log error messages when they encounter errors. As a result, access_token can be stored into log server and some oth...
By Deeba Ahmed. Fake Cloud, Real Theft! This is a post from HackRead.com. Read the original post: Top Cloud Services Used for Malicious Website Redirects in SMS Scams
4BRO versions prior to 2024-04-17 suffer from insecure direct object reference and API information disclosure vulnerabilities.
Debezium UI version 2.5 suffers from a credential disclosure vulnerability.
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of
Plus, SS7 vulnerabilities are being exploited and BreachForums is taken down again.
### Impact There is a vulnerability in [Go managing malformed DNS message](https://groups.google.com/g/golang-announce/c/wkkO4P9stm0), which impacts Traefik. This vulnerability could be exploited to cause a denial of service. ### References - [CVE-2024-24788](https://www.cve.org/CVERecord?id=CVE-2024-24788) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.3 - https://github.com/traefik/traefik/releases/tag/v3.0.1 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
By Uzair Amir. Mathilda Studios Partners with Upland to Introduce Guntech 2.5 into Upland’s Web3 Gaming Platform with +10 Locations and… This is a post from HackRead.com. Read the original post: Guntech 2.5 to Launch in Upland’s Gaming Ecosystem
By Waqas. Unfading Sea Haze's modus operandi spans over five years, with evidence dating back to 2018, reveals Bitdefender Labs' investigation. This is a post from HackRead.com. Read the original post: New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea
This post explains how to remove additional users and accounts from your Android device