Internet Bug Bounty: ActionView sanitize helper bypass with 'style' and 'svg' tags
The Rails-html-sanitizer, which Rails ActionView also uses, failed to sanitize input when svg and style or math and style tags were allowed. This resulted in a potential XSS vulnerability in applications that used the sanitize helper...
Internet Bug Bounty: CVE-2024-7347: Buffer overread in the ngx_http_mp4_module
CVE-2024-7347 was a vulnerability in the ngx_http_mp4_module of NGINX Open Source and NGINX Plus. The vulnerability could have allowed an attacker to over-read NGINX worker memory, resulting in its termination, using a specially crafted MP4 file. The issue only affected NGINX if it was built with th...
Internet Bug Bounty: CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list(). A vulnerability was discovered in Django where the QuerySet.values() and values_list() methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed argument...
Internet Bug Bounty: [CVE-2024-35176] DoS vulnerability in REXML
CVE-2024-35176: DoS vulnerability in REXML. A DoS vulnerability was discovered in the REXML gem. A specially crafted XML document with many '' characters in an attribute value could cause REXML to take a long time to parse it. This issue was assigned the CVE identifier CVE-2024-35176. Users were...
Internet Bug Bounty: important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)
important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898). A vulnerability was reported in the Apache HTTP Server that allowed Server-Side Request Forgery (SSRF) in the server/vhost context on Windows systems with mod_rewrite enabled. This vulnerability was...
Internet Bug Bounty: CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory
A vulnerability was discovered in NGINX Plus or NGINX OSS when configured to use the HTTP/3 QUIC module. If the network infrastructure supported a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets could cause NGINX worker processes to leak previously...
Internet Bug Bounty: CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation.
The vulnerability CVE-2024-38875 was discovered in the strip_punctuation function used by the urlize and urlizetrunc filters. The function had a poor time complexity of O(n^2) in the worst case, which could lead to uncontrolled resource consumption when processing input with a large number of openin...
Internet Bug Bounty: CVE-2024-34750 Apache Tomcat DoS vulnerability in HTTP/2 connector
CVE-2024-34750: Apache Tomcat Denial of Service Vulnerability. A vulnerability was discovered in Apache Tomcat versions between 11.0.0-M1 and 11.0.0-M20, 10.1.0-M1 and 10.1.24, and 9.0.0-M1 and 9.0.89. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers...
Internet Bug Bounty: moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)
moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709). Faulty input validation in the core of Apache allowed malicious or exploitable backend/content generators to split HTTP responses. This issue affected Apache HTTP Server through version 2.4.58...
Internet Bug Bounty: important: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476)
The Apache HTTP Server vulnerability CVE-2024-38476 was discovered in versions 2.4.0 through 2.4.59. The vulnerability allowed the use of exploitable or malicious backend application output to run local handlers via internal redirect. Users were recommended to upgrade to version 2.4.60, which fix...
Internet Bug Bounty: important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475)
The Apache HTTP Server was found to have a vulnerability in mod_rewrite where improper escaping of output allowed attackers to map URLs to filesystem locations that were permitted to be served by the server but were not intentionally/directly reachable by any URL. This resulted in potential code...
Internet Bug Bounty: important: Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474)
The Apache HTTP Server versions 2.4.0 through 2.4.59 were affected by a substitution encoding issue in mod_rewrite that allowed attackers to execute scripts in directories permitted by the configuration, but not directly reachable by any URL, or disclose the source of scripts meant to be executed ...
Internet Bug Bounty: [CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
[CVE-2024-32464] ActionText ContentAttachment's can Contain Unsanitized HTML. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag were discovered to potentially contain unsanitized HTML. This vulnerability was assigned the CVE identifier CVE-2024-32464. Versions...
Internet Bug Bounty: CVE-2024-31079 in nginx
CVE-2024-31079 was discovered in the NGINX HTTP/3 QUIC module. When NGINX Plus or NGINX OSS were configured to use this module, undisclosed HTTP/3 requests could cause NGINX worker processes to terminate or experience other potential impact. The vulnerability was classified as a stack-based buffe...
Internet Bug Bounty: CVE-2024-32760 in nginx
CVE-2024-32760 was discovered in the HTTP/3 QUIC module of NGINX Plus and NGINX OSS. When the module was configured, undisclosed HTTP/3 encoder instructions could cause NGINX worker processes to terminate or experience other potential impact...
Internet Bug Bounty: CVE-2019-1551: rsaz_512_sqr overflow bug on x86_64
The CVE-2019-1551 vulnerability was an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli in the OpenSSL library. The vulnerability was found and reported by researchers. The issue was mitigated in the 1.1.1 and 1.0.2 versions of OpenSSL...
Internet Bug Bounty: [CVE-2024-25126] Denial of Service Vulnerability in Rack Content-Type Parsing
A denial of service vulnerability was discovered in the content type parsing component of Rack. The vulnerability was assigned the CVE identifier CVE-2024-25126. The vulnerability affected versions 0.4 and above of Rack, and was addressed in versions 3.0.9.1 and 2.2.8.1...
Internet Bug Bounty: [CVE-2024-26146] Header Parsing leads to Possible Denial of Service Vulnerability
The Rack header parsing library in Ruby on Rails was found to have a potential denial of service vulnerability. The vulnerability was assigned the identifier CVE-2024-26146. It was discovered that carefully crafted headers could cause the header parsing routines to take longer than expected,...
Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch
A ReDoS vulnerability was discovered in the Accept header parsing in Action Dispatch. The vulnerability was assigned the CVE identifier CVE-2024-26142. Affected versions were 7.1.0 to 7.1.3, while versions prior to 7.1.0 and 7.1.3.1 and later were not affected. The vulnerability was reported and ...
Internet Bug Bounty: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
A remote code execution vulnerability was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. The vulnerability was caused by the lack of restrictions on the classes that could be restored when parsing .rdoc_options as a YAML file. Additionally, object injection and...