
Critical & High Severity


@WeThink25 WeThink25 released this 26 Sep 03:25
· 20 commits to main since this release
7585350

Critical & High Severity

Request/Response Mix-up – prevented user data from being sent to wrong users.
Potential Remote Code Execution (RCE) – fixed a vulnerability in the handling of partial PUT requests.
DoS in multipart upload – mitigated Denial of Service attacks.
TOCTOU Race Conditions – fixed Time-of-Check to Time-of-Use timing issues.
Resource Shutdown Issues – corrected improper resource management.
Regular Expression Denial of Service (ReDoS) – fixed unsafe regex patterns in TimeUtils.java.

Moderate & Low Severity

Security constraint bypasses – ensured constraints cannot be bypassed.
HTTP priority header DoS – mitigated potential Denial of Service via HTTP headers.
CGI and rewrite rule bypasses – fixed vulnerabilities allowing rule circumvention.
Unbounded Input Handling – limited maximum input length in time parsing.
Unsafe Time Parsing – ensured integers are only parsed after regex validation.
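The three time-parsing fixes above (a ReDoS-safe pattern, a maximum input length, and integer parsing only after regex validation) combine into one defensive pattern. The following is an added illustration, not the project's TimeUtils.java; it assumes a hypothetical duration format such as "2h30m" purely for demonstration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical hardened duration parser (not the project's TimeUtils.java).
// Accepts strings such as "2h30m" or "45s" and returns the total in seconds.
public final class SafeTimeParser {

    // Bound the input before any regex work so an oversized string never
    // reaches the matcher at all (the "limited maximum input length" fix).
    private static final int MAX_LENGTH = 32;

    // Anchored pattern with no nested or overlapping quantifiers and bounded
    // digit runs: matching is linear, so it cannot backtrack catastrophically.
    private static final Pattern DURATION =
        Pattern.compile("^(?:(\\d{1,5})h)?(?:(\\d{1,5})m)?(?:(\\d{1,5})s)?$");

    public static long parseSeconds(String input) {
        if (input == null || input.isEmpty() || input.length() > MAX_LENGTH) {
            throw new IllegalArgumentException("invalid duration length");
        }
        Matcher m = DURATION.matcher(input);
        // Validate the whole string first; only then call Long.parseLong,
        // so malformed input never reaches the integer parser.
        if (!m.matches()) {
            throw new IllegalArgumentException("invalid duration: " + input);
        }
        long total = 0;
        if (m.group(1) != null) total += Long.parseLong(m.group(1)) * 3600L;
        if (m.group(2) != null) total += Long.parseLong(m.group(2)) * 60L;
        if (m.group(3) != null) total += Long.parseLong(m.group(3));
        return total;
    }

    public static void main(String[] args) {
        System.out.println(parseSeconds("2h30m"));
        System.out.println(parseSeconds("45s"));
        // Constructed oversized input: rejected by the length check before
        // the regex or the integer parser ever runs.
        String huge = "1".repeat(10_000) + "h";
        try {
            parseSeconds(huge);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```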