Product

Note-Mark/Backend

2 briefs RSS

Note Mark Arbitrary File Write via Path Traversal Leads to Remote Code Execution

Note Mark is vulnerable to arbitrary file write via path traversal in asset names, leading to remote code execution by overwriting system binaries such as /bin/bash.

note-mark/backend path-traversal rce web-application

3r 4t Jan 9, 2024

critical advisory

Note Mark JWT Secret Weakness Allows Account Takeover

2 rules 2 TTPs

Note Mark is vulnerable to a JWT secret weakness that allows for full account takeover via token forgery by accepting secrets as short as 1 byte, enabling attackers to crack the signing secret offline and forge valid JWTs for any user.

note-mark/backend jwt account-takeover vulnerability

2r 2t Jan 2, 2024