Summary
http4k: `ServerFilters.DigestAuth` / `DigestAuthProvider` defaulted to an always-true nonce verifier, disabling replay protection in default deployments
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-GQV6-PWCG-87R8
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
- MEDIUMGHSA-9JR3-RJ99-8JQ3
CoreWCF: SAML token replay protection is inoperative
- HIGHGHSA-869J-R97X-HX2G
Anki's local HTTP server does not sufficiently validate requests
- MEDIUMGHSA-JV2J-MQMW-XVV5
SurrealDB: Denial of Service via deep operator chains
- MEDIUMGHSA-HV6H-HC26-Q48P
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals
- MEDIUMGHSA-H4H3-3RFJ-X6FQ
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field