#vulnerability

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

**Why are we publishing this Kubernetes CVE in the Security Update Guide?** We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster. **How do I know if I am affected by these vulnerabilities?** If you are running your own **Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions** (v1.11.5 and v1.12.1). **If you are using the** Managed NGINX ingress with the application routing add-on on AKS, the patches are getting rolled out to all regions and should be completed in a few days. No action is required. The status of the AKS deployment can be monitored here: AKS Release Status. **Where can I find more information about these vulnerabilities?** CVE ID Link to Github Issue CVE...

Gartner describes infrastructure as code (IaC) as a key way to unlock the potential of the cloud. However,…

Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Cybercriminals are always looking for new ways to take advantage of people. One effective method they use is…

AI systems are becoming a huge part of our lives, but they are not perfect. Red teaming helps…