Overview Recently, NSFOCUS CERT detected that an open source API interface management platform YApi mongo injection vulnerability was publicly released on the Internet. Due to the splicing of a certain function in YApi, MongoDB injection can be realized. Unauthenticated remote attackers can exploit this vulnerability to obtain the user token...
Tag: Open-Source
Advisory: Open-Source Compression Library Libarchive Code Execution Vulnerability (CVE-2019-18408)
Overview Recently, a code execution vulnerability (CVE-2019-18408) was disclosed in the security update of Debian, Ubuntu, Gentoo and other distributions. (more…)
