/security-bulletins

Security Bulletins that relate to Netflix Open Source

Security Bulletins

Below are notifications for security and privacy events within Netflix Open Source applications.

Date Type Subject
June 20, 2019 Informational Dial Reference code implementation has Denial of Service
January 10, 2018 Important Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard
April 14, 2017 Important Spinnaker Orca RCE and arbitrary file and URL access
August 31, 2016 Important zuul.filter.admin.enabled Defaults to True
June 6, 2016 Important Heap Overflow in Dynomite YAML Configuration Parser
February 22, 2015 Important External Entity Injection 'XXE' in Recipes-rss Open-Source Application

Below are notifications for security vulnerabilities in third-party software.

Date Type Subject
June 17, 2019 Important Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities