Description
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.
Remediation
References
https://github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhm
Related Vulnerabilities
CVE-2018-3719 Vulnerability in npm package mixin-deep
CVE-2022-36092 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-25570 Vulnerability in maven package com.ctrip.framework.apollo:apollo
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl
CVE-2020-11619 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind