4 matches found

Github Security Blog
added 2026/03/23 8:54 p.m., 7 views

Rails Active Storage has possible content type bypass via metadata in direct uploads

Impact: Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases: The fixed releases are...

CVSS 5.3, AI score 5.4, EPSS 0.0039
Exploits: 0, References: 10, Affected Software: 1
CVE
added 2023/11/02 1:00 p.m., 58 views

CVE-2023-26452

Open-Xchange App Suite's imageconverter service is affected by an SQL injection vulnerability triggered when caching an image and returning its metadata, allowing arbitrary SQL statements to execute in the service DB user context. Exploitation requires access to adjacent networks (not exposed pub...

CVSS 8.8, AI score 8.7, EPSS 0.00371
Exploits: 0, References: 2, Affected Software: 1
RedHat Linux
added 2017/02/28 8:19 a.m., 4 views

OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)

It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory...

CVSS 7.5, AI score 7.3, EPSS 0.03868
Exploits: 0, References: 4
The Hacker News
added 2013/06/29 6:14 p.m., 9 views

Facebook implementing Advanced HTTPS to minimize NSA Interception

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden. We have learned that the NSA is collecting...

AI score 6.6
Exploits: 0