![]() In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.Ī flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The greatest threat to the system is of availability.Ī flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |