5 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-2602

Malicious code in bioql PyPI...

CVSS: 7.2, AI score: 6.3, EPSS: 0.00367
Exploits: 0, References: 7
OSV
added 2024/12/06 8:50 p.m., 11 views

CVE-2024-12326 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

CVSS: 6.1, AI score: 5.5, EPSS: 0.00535
Exploits: 0, References: 4
Positive Technologies
added 2024/12/06 12:0 a.m., 2 views

PT-2024-17544

Name of the Vulnerable Software and Affected Versions: Jirafeau (affected versions not specified). Description: The issue concerns a case insensitive MIME type bypass that enables SVG XSS in Jirafeau. Normally, Jirafeau prevents browser preview for SVG files to prevent cross-site scripting exploitatio...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00535
Exploits: 0, References: 12
OSV
added 2024/05/15 8:19 p.m., 12 views

GHSA-VJRG-WPM8-RHRW doctrine/orm Regression in Query Parenthesis can have Security Implications

An issue identified in the doctrine/orm project: statements in a Where-Clause were not wrapped in brackets due to improper handling of a case insensitive check...

AI score: 7.1
Exploits: 0, References: 3
Friends Of PHP
added 2021/04/06 1:30 p.m., 9 views

Regression in Query Parenthesis can have Security Implications

Return insensitive check after 8453. Problem: ->andWhere("u.name = ?1 or u.username = ?1"); did not wrap part in parenthesis when "or" or "and" was written in lowercase anymore. It still worked for uppercase OR and AND. Fixes 8595...

AI score: 7.2
Exploits: 0, Affected Software: 1