
5 matches found

OSV
added 2024/04/04 8:37 p.m. · 4 views

CVE-2024-31204 mailcow Cross-site Scripting Vulnerability via Exception Handler

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEVMODE. The system saves...

CVSS 6.1 · AI score 5.8 · EPSS 0.48794
Exploits: 3 · References: 5
Positive Technologies
added 2024/04/04 12:0 a.m. · 3 views

PT-2024-23848 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow versions prior to 2024-04. Description: A security issue has been identified in the exception handling mechanism of mailcow, specifically when not operating in DEV MODE. The system saves exception details into a session array without...

CVSS 6.2 · AI score 5.8 · EPSS 0.48794
Exploits: 3 · References: 16
OSV
added 2023/04/12 8:42 p.m. · 2 views

GHSA-XJ72-WVFV-8985 vm2 Sandbox Escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. Impact: A threat...

CVSS 9.8 · AI score 7.8 · EPSS 0.24972
Exploits: 1 · References: 7
Github Security Blog
added 2022/08/06 5:39 a.m. · 28 views

JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization

Impact: When an "Internal System Error" occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...

CVSS 5.3 · AI score 5.3 · EPSS 0.00232
Exploits: 0 · References: 4 · Affected Software: 1
Snyk
added 2022/04/16 12:0 a.m. · 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to a lack of sanitization of exception messages. Remediation: Upgrade Microsoft.Rest.ClientRuntime to version 2.3.24 or higher. References: Microsoft Security Advisory - Update Guide ...

CVSS 6.5 · AI score 6.9 · EPSS 0.0047
Exploits: 0 · References: 2