Most recent sightings.

Most recent sightings. https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 05 May 2026 21:42:32 +0000 6367e344-92d8-49e1-a01c-90b5dc1d7d0d https://db.gcve.eu/sighting/6367e344-92d8-49e1-a01c-90b5dc1d7d0d/export {"uuid": "6367e344-92d8-49e1-a01c-90b5dc1d7d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "seen", "source": "https://t.me/cibsecurity/62949", "content": "\u203c CVE-2023-30845 \u203c\n\nESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability.Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:23.000000Z"} {"uuid": "6367e344-92d8-49e1-a01c-90b5dc1d7d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "seen", "source": "https://t.me/cibsecurity/62949", "content": "\u203c CVE-2023-30845 \u203c\n\nESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability.Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:23.000000Z"} https://db.gcve.eu/sighting/6367e344-92d8-49e1-a01c-90b5dc1d7d0d/export Thu, 27 Apr 2023 00:25:23 +0000 d428fc6e-b490-4ad6-90ef-804f54ec7d57 https://db.gcve.eu/sighting/d428fc6e-b490-4ad6-90ef-804f54ec7d57/export {"uuid": "d428fc6e-b490-4ad6-90ef-804f54ec7d57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "seen", "source": "https://t.me/ctinow/119046", "content": "https://ift.tt/ckzX7Bn\nGCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845", "creation_timestamp": "2023-06-20T05:41:47.000000Z"} {"uuid": "d428fc6e-b490-4ad6-90ef-804f54ec7d57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "seen", "source": "https://t.me/ctinow/119046", "content": "https://ift.tt/ckzX7Bn\nGCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845", "creation_timestamp": "2023-06-20T05:41:47.000000Z"} https://db.gcve.eu/sighting/d428fc6e-b490-4ad6-90ef-804f54ec7d57/export Tue, 20 Jun 2023 05:41:47 +0000 1fd04308-4db6-49b3-8c46-01b8bef2ea83 https://db.gcve.eu/sighting/1fd04308-4db6-49b3-8c46-01b8bef2ea83/export {"uuid": "1fd04308-4db6-49b3-8c46-01b8bef2ea83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9072", "content": "#exploit\n1. PoC for demonstrating Race Conditions on Websockets\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\n2. CVE-2023-4863:\nHeap buffer overflow in the WebP image library\nhttps://blog.isosceles.com/the-webp-0day\n]-> https://github.com/mistymntncop/CVE-2023-4863\n\n3. CVE-2023-30845:\nJWT authentication bypass via \"X-HTTP-Method-Override\"\nhttps://github.com/himori123/-CVE-2023-30845", "creation_timestamp": "2023-09-23T12:27:01.000000Z"} {"uuid": "1fd04308-4db6-49b3-8c46-01b8bef2ea83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9072", "content": "#exploit\n1. PoC for demonstrating Race Conditions on Websockets\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\n2. CVE-2023-4863:\nHeap buffer overflow in the WebP image library\nhttps://blog.isosceles.com/the-webp-0day\n]-> https://github.com/mistymntncop/CVE-2023-4863\n\n3. CVE-2023-30845:\nJWT authentication bypass via \"X-HTTP-Method-Override\"\nhttps://github.com/himori123/-CVE-2023-30845", "creation_timestamp": "2023-09-23T12:27:01.000000Z"} https://db.gcve.eu/sighting/1fd04308-4db6-49b3-8c46-01b8bef2ea83/export Sat, 23 Sep 2023 12:27:01 +0000 abe3a93d-bc69-4c1a-826e-214f56d32cc0 https://db.gcve.eu/sighting/abe3a93d-bc69-4c1a-826e-214f56d32cc0/export {"uuid": "abe3a93d-bc69-4c1a-826e-214f56d32cc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5519", "content": "CVE-2023-30845\n\nJWT authentication bypass via \"X-HTTP-Method-Override\"\n\nGithub\n\n#CVE #Bypass #Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-09-24T09:54:42.000000Z"} {"uuid": "abe3a93d-bc69-4c1a-826e-214f56d32cc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5519", "content": "CVE-2023-30845\n\nJWT authentication bypass via \"X-HTTP-Method-Override\"\n\nGithub\n\n#CVE #Bypass #Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-09-24T09:54:42.000000Z"} https://db.gcve.eu/sighting/abe3a93d-bc69-4c1a-826e-214f56d32cc0/export Sun, 24 Sep 2023 09:54:42 +0000 47955859-ee33-40f4-85e2-15ee08ed1673 https://db.gcve.eu/sighting/47955859-ee33-40f4-85e2-15ee08ed1673/export {"uuid": "47955859-ee33-40f4-85e2-15ee08ed1673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1103", "content": "#exploit\n1. PoC for demonstrating Race Conditions on Websockets\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\n2. CVE-2023-4863:\nHeap buffer overflow in the WebP image library\nhttps://blog.isosceles.com/the-webp-0day\n]-> https://github.com/mistymntncop/CVE-2023-4863\n\n3. CVE-2023-30845:\nJWT authentication bypass via \"X-HTTP-Method-Override\"\nhttps://github.com/himori123/-CVE-2023-30845", "creation_timestamp": "2024-08-16T08:28:21.000000Z"} {"uuid": "47955859-ee33-40f4-85e2-15ee08ed1673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1103", "content": "#exploit\n1. PoC for demonstrating Race Conditions on Websockets\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\n2. CVE-2023-4863:\nHeap buffer overflow in the WebP image library\nhttps://blog.isosceles.com/the-webp-0day\n]-> https://github.com/mistymntncop/CVE-2023-4863\n\n3. CVE-2023-30845:\nJWT authentication bypass via \"X-HTTP-Method-Override\"\nhttps://github.com/himori123/-CVE-2023-30845", "creation_timestamp": "2024-08-16T08:28:21.000000Z"} https://db.gcve.eu/sighting/47955859-ee33-40f4-85e2-15ee08ed1673/export Fri, 16 Aug 2024 08:28:21 +0000