Tag

Path Traversal

All articles tagged with #path traversal

Microsoft's AI Web Project Faces Security Flaws

Originally Published 5 months ago — by The Verge

Researchers discovered a critical security flaw in Microsoft's new NLWeb protocol, which allows remote reading of sensitive files, including API keys, due to a path traversal vulnerability. Microsoft patched the issue but has not issued a CVE, raising concerns about security oversight in AI-related protocols. The flaw could have severe consequences for AI agents relying on exposed API keys, emphasizing the need for careful security practices in deploying new AI features.

top-news technology ai-vulnerability microsoft nlweb path-traversal security-flaw technology

Microsoft Azure API Management Service Vulnerabilities Patched

Originally Published 2 years ago — by The Hacker News

Three new security flaws have been discovered in Microsoft Azure API Management service, including two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal. Exploitation of SSRF flaws can result in loss of confidentiality and integrity, permitting a threat actor to read internal Azure resources and execute unauthorized code. Following responsible disclosure, all the three flaws have been patched by Microsoft.

technology api-management-vulnerability api-management api-management-vulnerability microsoft-azure path-traversal security-flaws ssrf