Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Netflix/security-bulletins
Security Bulletins that relate to Netflix Open Source
security
Last synced: 20 days ago
- Host: GitHub
- URL: https://github.com/Netflix/security-bulletins
- Owner: Netflix
- Created: 2015-03-13T20:37:48.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-08-01T21:14:01.000Z (3 months ago)
- Last Synced: 2024-08-01T23:42:33.963Z (3 months ago)
- Topics: security
- Size: 139 KB
- Stars: 742
- Watchers: 589
- Forks: 117
- Open Issues: 2
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-csirt - Security Bulletins that relate to Netflix Open Source
README
## Security Bulletins
Below are notifications for security and privacy events within Netflix Open Source applications.

| Date | Type | Subject |
|-------------------|-----------|-----------------------------------------------|
| September 27, 2024| High | [Path Traversal in E2Nest](advisories/nflx-2024-004.md)|
| August 1, 2024| Critical | [Server-Side Template Injection in Dispatch Message Templates](advisories/nflx-2024-003.md)|
| May 16, 2024| Critical | [Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE](advisories/nflx-2024-002.md)|
| May 09, 2024| Critical | [Path Traversal vulnerability via File Uploads in Genie](advisories/nflx-2024-001.md)|
| November 09, 2023| Low | [CORS check misconfiguration in the DIAL protocol](advisories/nflx-2023-003.md)|
| August 17, 2023| Critical | [Secret Key used for signing JWT tokens exposure in Dispatch](advisories/nflx-2023-002.md)|
| February 28, 2023| Low | [Insecure random generation in Lemur](advisories/nflx-2023-001.md)|
| March 30, 2022| Critical | [Format String Vulnerability in ConsoleMe](advisories/nflx-2022-001.md)|
| March 23, 2021| Important | [Local Information Disclosure in Priam](advisories/nflx-2021-002.md)|
| March 23, 2021| Important | [Local Information Disclosure in Hollow](advisories/nflx-2021-001.md)|
| March 10, 2021| Important | [Critical Vulnerability Exposing Private Keys in Lemur](advisories/nflx-2021-003.md)|
| December 08, 2020| Important | [SpEL Template injection on Netflix Spinnaker](advisories/nflx-2020-006.md)|
| November 6, 2020 | Important | [Multiple Access Control Issues in Dispatch](advisories/nflx-2020-005.md)|
| November 6, 2020 | Important | [Multiple XSS Vulnerabilities in Dispatch](advisories/nflx-2020-004.md)|
| August 27, 2020 | Important | [Authenticated Server-Side Request Forgery in Orca Spinnaker](advisories/nflx-2020-003.md)|
| March 05, 2020| Important | [Server-Side Template Injection in Netflix Titus](advisories/nflx-2020-002.md) |
| February 24, 2020| Important | [Server-Side Template Injection in Netflix Conductor](advisories/nflx-2020-001.md) |
| June 20, 2019| Informational | [Dial Reference code implementation has Denial of Service](advisories/nflx-2019-003.md) |
| January 10, 2018 | Important | [Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard](advisories/nflx-2018-001.md) |
| April 14, 2017 | Important | [Spinnaker Orca RCE and arbitrary file and URL access](advisories/nflx-2017-001.md) |
| August 31, 2016 | Important | [zuul.filter.admin.enabled Defaults to True](advisories/nflx-2016-003.md) |
| June 6, 2016 | Important | [Heap Overflow in Dynomite YAML Configuration Parser](advisories/nflx-2016-002.md) |
| February 22, 2015 | Important | [External Entity Injection 'XXE' in Recipes-rss Open-Source Application](advisories/nflx-2015-001.md) |

Below are notifications for security vulnerabilities in third-party software.

| Date | Type | Subject |
|-------------------|-----------|-----------------------------------------------|
| August 13, 2019 | Important | [HTTP/2 Denial of Service Advisory](advisories/third-party/2019-002.md) |
| June 17, 2019 | Important | [Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities](advisories/third-party/2019-001.md) |

Unfortunately we are not able to address software support issues in this repository. Please contact the upstream project instead.