

CVE-2021-38294: Apache Storm Nimbus Command Injection
By Zeyad Azima
Introduction: CVE-2021-38294 is a command injection vulnerability in the getTopologyHistory service of the Nimbus server in Apache Storm. A successfully crafted request to the Nimbus server exploits this vulnerability, leading to execution of malicious commands and takeover of the server. The affected versions are 1.x prior to 1..
Read more

CVE-2021-45232: Apache APISIX Dashboard Unauthorized Access & Unauth-RCE
By Zeyad Azima
Introduction: Apache APISIX Dashboard before 2.10.1 is vulnerable to an unauthorized access vulnerability known as CVE-2021-45232. The authentication middleware was developed based on the droplet framework, but some APIs used the gin framework directly. As a result, this leads to a bypass in authentication and a successful exploitation of thi..
Read more