Dismissed
CVE-2026-3053
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 6 packages
  - rubyPackages.jekyll-theme-dinky
  - rubyPackages_3_1.jekyll-theme-dinky
  - rubyPackages_3_2.jekyll-theme-dinky
  - rubyPackages_3_3.jekyll-theme-dinky
  - rubyPackages_3_4.jekyll-theme-dinky
  - rubyPackages_4_0.jekyll-theme-dinky
- @LeSuisse dismissed
DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
- VDB-347411 | DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication vdb-entry technical-description
- VDB-347411 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
- Submit #757589 | DataLinkDC Dinky <=1.2.5 Authentication Bypass Issues third-party-advisory
- https://github.com/AnalogyC0de/public_exp/issues/6 issue-tracking
- https://github.com/AnalogyC0de/public_exp/issues/6#issue-3935019636 issue-tracking exploit
Affected products
dinky
- ==1.2.5
- ==1.2.2
- ==1.2.1
- ==1.2.3
- ==1.2.0
- ==1.2.4
Ignored packages (6)
pkgs.rubyPackages.jekyll-theme-dinky
None
pkgs.rubyPackages_3_1.jekyll-theme-dinky
None
pkgs.rubyPackages_3_2.jekyll-theme-dinky
None
pkgs.rubyPackages_3_3.jekyll-theme-dinky
None
pkgs.rubyPackages_3_4.jekyll-theme-dinky
None