Lottie Player (lottiefiles/lottie-player) Supply Chain Attack
Lottie Player (lottiefiles/lottie-player) is a web component that renders lightweight, high-quality animations from JSON files created with tools like Adobe After Effects, enabling scalable and interactive animations on websites and apps. Incident: On October 30, 2024, the company posted an update on the forum about the recently infected versions of the Lottie Web Player. In the post, …
Tag: WAS
Unauthorized Access Vulnerability in InPost PL and WooCommerce Plugin (CVE-2024-6500)
The InPost for WooCommerce and InPost PL WordPress plugins are tools designed to integrate InPost’s parcel locker delivery services with WooCommerce and WordPress websites. The InPost for WooCommerce plugin allows customers to choose InPost parcel lockers as a delivery option during checkout, streamlining shipping processes.
WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)
The Redux Framework plugin is a powerful and extensible options framework for WordPress that allows developers to create custom themes and plugins with an intuitive user interface for settings and configurations. On July 22nd, 2024, a high security vulnerability was discovered in the Redux Framework plugin for WordPress, marked as CVE-2024-6828. The plugins have more than …
Apache HTTP Server Prior to 2.4.60 Multiple Security Vulnerabilities
The Apache HTTP Server is a free and open-source cross-platform web server software. Multiple vulnerabilities have been addressed in Apache HTTP Server version 2.4.60. These vulnerabilities affect versions prior to 2.4.59 and have been resolved in version 2.4.60.