Summary
LiteLLM: Authentication Bypass via Host Header Injection
References
Related vulnerabilities
- HIGH GHSA-CW4Q-GQG5-G38H
  OpenClaw: Discord allowFrom could bind to mutable display names
- HIGH GHSA-8C59-HR4W-QG69
  OpenClaw: Zalo allowFrom could bind to mutable display names
- CRITICAL GHSA-GFJ5-979R-92PW
  @acastellon/auth: Authentication bypass via spoofable headers in validateToken()
- HIGH GHSA-38X9-25WX-7FG2
  Heimdall: IP Spoofing via Unvalidated Forwarding Headers
- HIGH GHSA-F59H-Q822-G45G
  Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
- MEDIUM GHSA-JVC7-762P-3743
  n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes