GHSA-WJ7Q-GJG8-3CPM league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase

Impact Servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...

league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase

Impact Servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. Patches This issue has been patched so that the provided key is...

Design/Logic Flaw

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...

CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...

Security Bulletin: IBM Match 360 is vulnerable to SnakeYaml's Constructor() class that not restrict types which can be instantiated during deserialization (CVE-2022-1471)

Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict...

PT-2023-4531 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A vulnerability in Node.js allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

CVE-2023-32217

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...

Design/Logic Flaw

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...

[M-01] Unprotected function in Constructor

Lines of code Vulnerability details Impact anyone can deploy the contract, potentially with malicious intent. Proof of Concept The constructor is not protected by any access control mechanism. Recommended Mitigation Steps Add access control to the constructor, such as an Ownable pattern, to ensur...

CVE-2023-32217 SailPoint IdentityIQ Unsafe use of Reflection Vulnerability

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...

CVE-2023-32217

CVE-2023-32217 affects SailPoint IdentityIQ versions 8.0 through 8.3 (with patches up to 8.0p6, 8.1p7, 8.2p6, 8.3p3 respectively). The issue stems from unsafe use of reflection that allows an authenticated user to invoke a Java constructor with no arguments or a single Map argument in any Java cl...

SnakeYaml: Constructor Deserialization Remote Code Execution

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution RCE...

Possible URL spoofing on wildcard path

Description H3 provides the getRequestURL utility using the new URLa, b constructor. When variable a is attacker-controlled the origin of the resulting URL can be modified. Proof of Concept js // index.js import listen from "listhen"; import createApp, createRouter, eventHandler, toNodeListener,...

SUSE CVE-2023-29939

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnvmlir::spirv::TargetEnvAttr...

Cross site scripting

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

Strikingly CMS 安全漏洞

Strikingly CMS is a content publishing platform. A security vulnerability exists in Strikingly CMS that stems from the Strikingly JavaScript library parsing URL fragments to allow access to proto or constructor properties and object prototypes...

State variables are initialized in an upgradeable contract + there is constructor

Lines of code Vulnerability details Impact Due to a requirement of the proxy-based upgradeability system, no constructors can be used in upgradeable contracts. State variables are initialized in an upgradeable contract Proof of Concept See -upgradeableavoid-initial-values-in-field-declarations...

OffchainDNSResolver Contract Missing onlyOwner Modifier in Constructor Can Lead to DNS Hijacking Attacks

Lines of code Vulnerability details Impact The OffchainDNSResolver contract has a security vulnerability where it doesn't have a safeguard called the onlyOwner modifier in its constructor, this means that anyone can deploy the contract. This could allow a bad actor to create a version of the...

Lack of zero address check throughout the codebase could lead to unwanted redeployments, address(0) ownership and onTokenTransfer unsuccessful.

Lines of code Vulnerability details Impact User defined address should always have zero address check. This checks SHOULD NOT BE MISSED IN CASE OF A FACTORY CONTRACT. This will lead to redeployments of contract and blockage of certain functionality as described below. It is also worth to note tha...