
Yair Mizrahi
Senior Security ResearcherYair Mizrahi is a Senior Vulnerability Researcher at JFrog Security. Mizrahi has over a decade of experience and specializes in vulnerability research and reverse engineering. He is responsible for discovering and analyzing emerging security vulnerabilities. In addition, Mizrahi discovered various zero-days and exploited multiple zero-clicks as an Android vulnerability researcher.
The Latest From Yair Mizrahi
-
Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept
| 7 min readSpring Security's newly released versions contain a fix for a broken access control vulnerability - CVE-2023-34034 - which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers. Given the severe potential impact of the vulnerability on Spring WebFlux applications (that use Spring Security for authentication and access control), its…
Read More -
Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis
| 18 min readThe recent OpenSSH double-free vulnerability - CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms - Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.…
Read More -
OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept
| 8 min readOpenSSH's newly released version 9.2p1 contains a fix for a double-free vulnerability. Given the severe potential impact of the vulnerability on OpenSSH servers (DoS/RCE) and its high popularity in the industry, this security fix prompted the JFrog Security Research team to investigate the vulnerability. This blog post provides details on the vulnerability, who is affected,…
Read More