Security Bulletins

Below are notifications for security and privacy events within Netflix Open Source applications.

| Date | Type | Subject |
| --- | --- | --- |
| September 27, 2024 | High | Path Traversal in E2Nest |
| August 1, 2024 | Critical | Server-Side Template Injection in Dispatch Message Templates |
| May 16, 2024 | Critical | Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE |
| May 09, 2024 | Critical | Path Traversal vulnerability via File Uploads in Genie |
| November 09, 2023 | Low | CORS check misconfiguration in the DIAL protocol |
| August 17, 2023 | Critical | Secret Key used for signing JWT tokens exposure in Dispatch |
| February 28, 2023 | Low | Insecure random generation in Lemur |
| March 30, 2022 | Critical | Format String Vulnerability in ConsoleMe |
| March 23, 2021 | Important | Local Information Disclosure in Priam |
| March 23, 2021 | Important | Local Information Disclosure in Hollow |
| March 10, 2021 | Important | Critical Vulnerability Exposing Private Keys in Lemur |
| December 08, 2020 | Important | SpEL Template injection on Netflix Spinnaker |
| November 6, 2020 | Important | Multiple Access Control Issues in Dispatch |
| November 6, 2020 | Important | Multiple XSS Vulnerabilities in Dispatch |
| August 27, 2020 | Important | Authenticated Server-Side Request Forgery in Orca Spinnaker |
| March 05, 2020 | Important | Server-Side Template Injection in Netflix Titus |
| February 24, 2020 | Important | Server-Side Template Injection in Netflix Conductor |
| June 20, 2019 | Informational | Dial Reference code implementation has Denial of Service |
| January 10, 2018 | Important | Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard |
| April 14, 2017 | Important | Spinnaker Orca RCE and arbitrary file and URL access |
| August 31, 2016 | Important | zuul.filter.admin.enabled Defaults to True |
| June 6, 2016 | Important | Heap Overflow in Dynomite YAML Configuration Parser |
| February 22, 2015 | Important | External Entity Injection 'XXE' in Recipes-rss Open-Source Application |

Below are notifications for security vulnerabilities in third-party software.

| Date | Type | Subject |
| --- | --- | --- |
| August 13, 2019 | Important | HTTP/2 Denial of Service Advisory |
| June 17, 2019 | Important | Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities |

Unfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.