https://github.com/netflix/security-bulletins

Security Bulletins that relate to Netflix Open Source

## Security Bulletins
Below are notifications for security and privacy events within Netflix Open Source applications.

| Date | Type | Subject |
|-------------------|-----------|-----------------------------------------------|
| November 09, 2023| Low | [CORS check misconfiguration in the DIAL protocol](advisories/nflx-2023-003.md)|
| August 17, 2023| Critical | [Secret Key used for signing JWT tokens exposure in Dispatch](advisories/nflx-2023-002.md)|
| February 28, 2023| Low | [Insecure random generation in Lemur](advisories/nflx-2023-001.md)|
| March 30, 2022| Critical | [Format String Vulnerability in ConsoleMe](advisories/nflx-2022-001.md)|
| March 23, 2021| Important | [Local Information Disclosure in Priam](advisories/nflx-2021-002.md)|
| March 23, 2021| Important | [Local Information Disclosure in Hollow](advisories/nflx-2021-001.md)|
| March 10, 2021| Important | [Critical Vulnerability Exposing Private Keys in Lemur](advisories/nflx-2021-003.md)|
| December 08, 2020| Important | [SpEL Template injection on Netflix Spinnaker](advisories/nflx-2020-006.md)|
| November 6, 2020 | Important | [Multiple Access Control Issues in Dispatch](advisories/nflx-2020-005.md)|
| November 6, 2020 | Important | [Multiple XSS Vulnerabilities in Dispatch](advisories/nflx-2020-004.md)|
| August 27, 2020 | Important | [Authenticated Server-Side Request Forgery in Orca Spinnaker](advisories/nflx-2020-003.md)|
| March 05, 2020 | Important | [Server-Side Template Injection in Netflix Titus](advisories/nflx-2020-002.md) |
| February 24, 2020 | Important | [Server-Side Template Injection in Netflix Conductor](advisories/nflx-2020-001.md) |
| June 20, 2019 | Informational | [Dial Reference code implementation has Denial of Service](advisories/nflx-2019-003.md) |
| January 10, 2018 | Important | [Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard](advisories/nflx-2018-001.md) |
| April 14, 2017 | Important | [Spinnaker Orca RCE and arbitrary file and URL access](advisories/nflx-2017-001.md) |
| August 31, 2016 | Important | [zuul.filter.admin.enabled Defaults to True](advisories/nflx-2016-003.md) |
| June 6, 2016 | Important | [Heap Overflow in Dynomite YAML Configuration Parser](advisories/nflx-2016-002.md) |
| February 22, 2015 | Important | [External Entity Injection 'XXE' in Recipes-rss Open-Source Application](advisories/nflx-2015-001.md) |

Below are notifications for security vulnerabilities in third-party software.

| Date | Type | Subject |
|-------------------|-----------|-----------------------------------------------|
| August 13, 2019 | Important | [HTTP/2 Denial of Service Advisory](advisories/third-party/2019-002.md) |
| June 17, 2019 | Important | [Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities](advisories/third-party/2019-001.md) |

Unfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.