Septeember 27, 2024 | High | Path Traversal in E2Nest |
August 1, 2024 | Critical | Server-Side Template Injection in Dispatch Message Templates |
May 16, 2024 | Critical | Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE |
May 09, 2024 | Critical | Path Traversal vulnerability via File Uploads in Genie |
November 09, 2023 | Low | CORS check misconfiguration in the DIAL protocol |
August 17, 2023 | Critical | Secret Key used for signing JWT tokens exposure in Dispatch |
February 28, 2023 | Low | Insecure random generation in Lemur |
March 30, 2022 | Critical | Format String Vulnerability in ConsoleMe |
March 23, 2021 | Important | Local Information Disclosure in Priam |
March 23, 2021 | Important | Local Information Disclosure in Hollow |
March 10, 2021 | Important | Critical Vulnerability Exposing Private Keys in Lemur |
December 08, 2020 | Important | SpEL Template injection on Netflix Spinnaker |
November 6, 2020 | Important | Multiple Access Control Issues in Dispatch |
November 6, 2020 | Important | Multiple XSS Vulnerabilities in Dispatch |
August 27, 2020 | Important | Authenticated Server-Side Request Forgery in Orca Spinnaker |
March 05, 2020 | Important | Server-Side Template Injection in Netflix Titus |
February 24, 2020 | Important | Server-Side Template Injection in Netflix Conductor |
June 20, 2019 | Informational | Dial Reference code implementation has Denial of Service |
January 10, 2018 | Important | Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard |
April 14, 2017 | Important | Spinnaker Orca RCE and arbitrary file and URL access |
August 31, 2016 | Important | zuul.filter.admin.enabled Defaults to True |
June 6, 2016 | Important | Heap Overflow in Dynomite YAML Configuration Parser |
February 22, 2015 | Important | External Entity Injection 'XXE' in Recipes-rss Open-Source Application |