Security Bulletins

Below are notifications for security and privacy events within Netflix Open Source applications.

| Date | Type | Subject |
| --- | --- | --- |
| September 27, 2024 | High | Path Traversal in E2Nest |
| August 1, 2024 | Critical | Server-Side Template Injection in Dispatch Message Templates |
| May 16, 2024 | Critical | Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE |
| May 09, 2024 | Critical | Path Traversal vulnerability via File Uploads in Genie |
| November 09, 2023 | Low | CORS check misconfiguration in the DIAL protocol |
| August 17, 2023 | Critical | Secret Key used for signing JWT tokens exposure in Dispatch |
| February 28, 2023 | Low | Insecure random generation in Lemur |
| March 30, 2022 | Critical | Format String Vulnerability in ConsoleMe |
| March 23, 2021 | Important | Local Information Disclosure in Priam |
| March 23, 2021 | Important | Local Information Disclosure in Hollow |
| March 10, 2021 | Important | Critical Vulnerability Exposing Private Keys in Lemur |
| December 08, 2020 | Important | SpEL Template injection on Netflix Spinnaker |
| November 6, 2020 | Important | Multiple Access Control Issues in Dispatch |
| November 6, 2020 | Important | Multiple XSS Vulnerabilities in Dispatch |
| August 27, 2020 | Important | Authenticated Server-Side Request Forgery in Orca Spinnaker |
| March 05, 2020 | Important | Server-Side Template Injection in Netflix Titus |
| February 24, 2020 | Important | Server-Side Template Injection in Netflix Conductor |
| June 20, 2019 | Informational | Dial Reference code implementation has Denial of Service |
| January 10, 2018 | Important | Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard |
| April 14, 2017 | Important | Spinnaker Orca RCE and arbitrary file and URL access |
| August 31, 2016 | Important | zuul.filter.admin.enabled Defaults to True |
| June 6, 2016 | Important | Heap Overflow in Dynomite YAML Configuration Parser |
| February 22, 2015 | Important | External Entity Injection 'XXE' in Recipes-rss Open-Source Application |

Below are notifications for security vulnerabilities in third-party software.

| Date | Type | Subject |
| --- | --- | --- |
| August 13, 2019 | Important | HTTP/2 Denial of Service Advisory |
| June 17, 2019 | Important | Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities |

Unfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.