chluo
We found several SQLi vulnerabilities in stock-management-system. Details: The user input `$data` is used to construct the SQL queries in file `routes/ApiRoutes.php`. The application code validates the user input `$data`...
Certain security updates in Lua (refer to the commits below) have not been integrated into Redis. According to my discussion with Oran Agra, it appears that Redis is not utilizing...
There is a prototype pollution in file `lib/session.js`, line 46. `data[key]=params[key];` The code uses `key` as the index for the data object. If `key` is `"__proto__"`, prototype pollution occurs. To...