CVE-2023-6267

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-755
View all →

Vulnerability Description

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.

Related Vulnerabilities

CVE-2009-5043

CRITICAL
CVSS:9.8(Critical)

burn allows file names to escape via mishandled quotation marks

CWE-7552009

CVE-2017-2877

CRITICAL
CVSS:9.8(Critical)

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attac...

CWE-7552017

CVE-2017-5638

CRITICAL
CVSS:9.8(Critical)

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows re...

CWE-7552017

CVE-2018-19991

CRITICAL
CVSS:9.8(Critical)

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-20...

CWE-7552018

CVE-2019-12815

CRITICAL
CVSS:9.8(Critical)

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

CWE-7552019

CVE-2019-14431

CRITICAL
CVSS:9.8(Critical)

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseS...

CWE-7552019