{"id":13359336,"url":"https://github.com/Netflix/security-bulletins","last_synced_at":"2025-03-12T11:31:03.005Z","repository":{"id":28660193,"uuid":"32179701","full_name":"Netflix/security-bulletins","owner":"Netflix","description":"Security Bulletins that relate to Netflix Open Source","archived":false,"fork":false,"pushed_at":"2024-09-27T17:43:40.000Z","size":147,"stargazers_count":744,"open_issues_count":2,"forks_count":112,"subscribers_count":586,"default_branch":"master","last_synced_at":"2025-01-30T16:56:02.655Z","etag":null,"topics":["security"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Netflix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-13T20:37:48.000Z","updated_at":"2025-01-20T23:56:32.000Z","dependencies_parsed_at":"2024-01-21T02:42:47.536Z","dependency_job_id":"6b82554b-02e9-44b8-a541-b3d3f5c9b9ef","html_url":"https://github.com/Netflix/security-bulletins","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Netflix%2Fsecurity-bulletins","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Netflix%2Fsecurity-bulletins/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Netflix%2Fsecurity-bulletins/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Netflix%2Fsecurity-bulletins/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/
Netflix","download_url":"https://codeload.github.com/Netflix/security-bulletins/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243208840,"owners_count":20254121,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security"],"created_at":"2024-07-29T21:04:33.453Z","updated_at":"2025-03-12T11:31:02.680Z","avatar_url":"https://github.com/Netflix.png","language":null,"readme":"## Security Bulletins\nBelow are notifications for security and privacy events within Netflix Open Source applications.\n\n\n| Date              | Type      | Subject |\n|-------------------|-----------|-----------------------------------------------|\n| September 27, 2024| High | [Path Traversal in E2Nest](advisories/nflx-2024-004.md)|\n| August 1, 2024| Critical | [Server-Side Template Injection in Dispatch Message Templates](advisories/nflx-2024-003.md)|\n| May 16, 2024| Critical | [Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE](advisories/nflx-2024-002.md)|\n| May 09, 2024| Critical | [Path Traversal vulnerability via File Uploads in Genie](advisories/nflx-2024-001.md)|\n| November 09, 2023| Low | [CORS check misconfiguration in the DIAL protocol](advisories/nflx-2023-003.md)|\n| August 17, 2023| Critical | [Secret Key used for signing JWT tokens exposure in Dispatch](advisories/nflx-2023-002.md)|\n| February 28, 2023| Low | [Insecure random generation in Lemur](advisories/nflx-2023-001.md)|\n| March 30, 2022| Critical | [Format String Vulnerability in ConsoleMe](advisories/nflx-2022-001.md)|\n| March 23, 
2021| Important | [Local Information Disclosure in Priam](advisories/nflx-2021-002.md)|\n| March 23, 2021| Important | [Local Information Disclosure in Hollow](advisories/nflx-2021-001.md)|\n| March 10, 2021| Important | [Critical Vulnerability Exposing Private Keys in Lemur](advisories/nflx-2021-003.md)|\n| December 08, 2020| Important | [SpEL Template injection on Netflix Spinnaker](advisories/nflx-2020-006.md)|\n| November 6, 2020 | Important | [Multiple Access Control Issues in Dispatch](advisories/nflx-2020-005.md)|\n| November 6, 2020 | Important | [Multiple XSS Vulnerabilities in Dispatch](advisories/nflx-2020-004.md)|\n| August 27, 2020 | Important | [Authenticated Server-Side Request Forgery in Orca Spinnaker](advisories/nflx-2020-003.md)|\n| March 05, 2020| Important | [Server-Side Template Injection in Netflix Titus](advisories/nflx-2020-002.md)\n| February 24, 2020| Important | [Server-Side Template Injection in Netflix Conductor](advisories/nflx-2020-001.md)\n| June 20, 2019| Informational | [Dial Reference code implementation has Denial of Service](advisories/nflx-2019-003.md)\n| January 10, 2018 | Important | [Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard](advisories/nflx-2018-001.md) |\n| April 14, 2017 | Important | [Spinnaker Orca RCE and arbitrary file and URL access](advisories/nflx-2017-001.md) |\n| August 31, 2016 | Important | [zuul.filter.admin.enabled Defaults to True](advisories/nflx-2016-003.md) |\n| June 6, 2016 | Important | [Heap Overflow in Dynomite YAML Configuration Parser](advisories/nflx-2016-002.md) |\n| February 22, 2015 | Important | [External Entity Injection 'XXE' in Recipes-rss Open-Source Application](advisories/nflx-2015-001.md) |\n\n\n\nBelow are notifications for security vulnerabilities in third-party software.\n\n| Date              | Type      | Subject |\n|-------------------|-----------|-----------------------------------------------|\n| August 13, 2019 | Important | [HTTP/2 Denial of Service 
Advisory](advisories/third-party/2019-002.md) |\n| June 17, 2019 | Important | [Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities](advisories/third-party/2019-001.md) |\n\nUnfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.\n","funding_links":[],"categories":["Others","Pentesting"],"sub_categories":["Vulnerability"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNetflix%2Fsecurity-bulletins","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNetflix%2Fsecurity-bulletins","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNetflix%2Fsecurity-bulletins/lists"}