Below are notifications for security and privacy events within Netflix Open Source applications.
| Date | Type | Subject |
|---|---|---|
| May 16, 2024 | Critical | Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE |
| May 09, 2024 | Critical | Path Traversal vulnerability via File Uploads in Genie |
| November 09, 2023 | Low | CORS check misconfiguration in the DIAL protocol |
| August 17, 2023 | Critical | Secret Key used for signing JWT tokens exposure in Dispatch |
| February 28, 2023 | Low | Insecure random generation in Lemur |
| March 30, 2022 | Critical | Format String Vulnerability in ConsoleMe |
| March 23, 2021 | Important | Local Information Disclosure in Priam |
| March 23, 2021 | Important | Local Information Disclosure in Hollow |
| March 10, 2021 | Important | Critical Vulnerability Exposing Private Keys in Lemur |
| December 08, 2020 | Important | SpEL Template injection on Netflix Spinnaker |
| November 6, 2020 | Important | Multiple Access Control Issues in Dispatch |
| November 6, 2020 | Important | Multiple XSS Vulnerabilities in Dispatch |
| August 27, 2020 | Important | Authenticated Server-Side Request Forgery in Orca Spinnaker |
| March 05, 2020 | Important | Server-Side Template Injection in Netflix Titus |
| February 24, 2020 | Important | Server-Side Template Injection in Netflix Conductor |
| June 20, 2019 | Informational | Dial Reference code implementation has Denial of Service |
| January 10, 2018 | Important | Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard |
| April 14, 2017 | Important | Spinnaker Orca RCE and arbitrary file and URL access |
| August 31, 2016 | Important | zuul.filter.admin.enabled Defaults to True |
| June 6, 2016 | Important | Heap Overflow in Dynomite YAML Configuration Parser |
| February 22, 2015 | Important | External Entity Injection 'XXE' in Recipes-rss Open-Source Application |

Below are notifications for security vulnerabilities in third-party software.
Unfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.