- EPSS 0.23%
- Veröffentlicht 09.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:38
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly...
- EPSS 0.27%
- Veröffentlicht 16.11.2021 10:15:06
- Zuletzt bearbeitet 21.11.2024 05:55:38
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrar...
CVE-2021-25938
- EPSS 0.24%
- Veröffentlicht 24.05.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:55:38
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options...