Huly Platform
Monthly
Server-side request forgery in hcengineering Huly Platform 0.7.382 allows authenticated remote attackers to make arbitrary HTTP requests from the affected server via manipulation of the Import Endpoint in server/front/src/index.ts, potentially enabling access to internal resources, metadata disclosure, or lateral movement within the infrastructure. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.
JWT token handling in hcengineering Huly Platform 0.7.382 uses hard-coded cryptographic keys in the token.ts component, allowing remote attackers to forge or manipulate authentication tokens with high attack complexity. The vulnerability affects confidentiality and integrity of token-based authentication but requires significant technical effort to exploit, reflected in a low CVSS score (3.7) and high attack complexity rating. No active exploitation has been confirmed, and the vendor has not responded to disclosure attempts.
Server-side request forgery in hcengineering Huly Platform 0.7.382 allows authenticated remote attackers to make arbitrary HTTP requests from the affected server via manipulation of the Import Endpoint in server/front/src/index.ts, potentially enabling access to internal resources, metadata disclosure, or lateral movement within the infrastructure. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.
JWT token handling in hcengineering Huly Platform 0.7.382 uses hard-coded cryptographic keys in the token.ts component, allowing remote attackers to forge or manipulate authentication tokens with high attack complexity. The vulnerability affects confidentiality and integrity of token-based authentication but requires significant technical effort to exploit, reflected in a low CVSS score (3.7) and high attack complexity rating. No active exploitation has been confirmed, and the vendor has not responded to disclosure attempts.