CVE-2020-36232 – The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version …

22 February 2021

Vuln ID: CVE-2020-36232

Published: 2021-02-22 21:15:19Z

Description: The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.

Source: NVD.NIST.GOV

Date:

22 February 2021

Categorie(s):

NVD

Tag(s):

NVD

Alert! Cisco Releases Critical Security Updates to Fix 2 ASA Firewall 0-Days25 April 2024
Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files25 April 2024
High Performance Podcast Duo to Unveil Secrets of Success at Infosecurity Europe 202425 April 2024
BforeAI raises $15 million to prevent attacks before they occur25 April 2024
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny25 April 2024