33187 matches found
Code Injection in pyload-ng
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
Access of Resource Using Incompatible Type in Facebook Hermes
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
Crash due to malformed relay protocol message
Impact 1. syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field. 2. The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field. At no point is sensitive dat...
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery SSRF vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...
OS Command Injection in node-prompt-here
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...
Regular Expression Denial of Service (ReDoS)
npm ssri 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...
Path Traversal in angular-http-server
Affected versions of angular-http-server are vulnerable to path traversal allowing a remote attacker to read files from the server that uses angular-http-server. Recommendation Update to version 1.6.0 or later. :exclamation: Note: This was originally thought to be fixed in version 1.4.3, though...
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
Impact In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue. !NOTE This...
gRPC-Go HTTP/2 Rapid Reset vulnerability
Impact In affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit...
Potential leak of NuGet.org API key
Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0. This advisory also provides guidance on what...
XSS vulnerability allowing arbitrary JavaScript execution
Today we are releasing Grafana 8.2.3. This patch release includes an important security fix for an issue that affects all Grafana versions from 8.0.0-beta1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise customers we...
Excessive Iteration in Compress
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package...
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Impact fosite400 released as v0.30.2 introduced a new feature for handling redirect URLs pointing to loopback interfaces rfc8252section-7.3. As part of that change new behavior was introduced which failed to respect the redirect URL's only for loopback interfaces! query parameters 1. Registering ...
Prototype pollution in json8
This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution...
Arbitrary code execution in ExifTool
Impact Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads. Patches ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0. Workarounds No. References...
Local Information Disclosure Vulnerability in Netty on Unix-Like systems
Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. The CVSSv3.1 score of this vulnerability is calculated to be a 6.2/10 Vulnerability Details On unix-like systems, th...
Template Injection in jsrender
Affected versions of jsrender are susceptible to a remote code execution vulnerability when used with server delivered client-side tempates which dynamically embed user input. Proof of Concept js //POC-REQUEST for x!=1?constructor.constructor"return arguments.callee.caller":y10 :data /for js...
Apache Camel Netty enables Java deserialization by default
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...
Out-of-bounds read in nokogiri
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying ...
Next.js has a Denial of Service in the Image Optimization API
Impact When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /next/image endpoint that match t...
Spring Boot has an Authentication Bypass under Actuator Health groups paths
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...
Mongoose search injection vulnerability
Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthoriz...
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
The xmlattr filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys as opposed to only values as user input, and renders these in pages that other user...
json-path Out-of-bounds Write vulnerability
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
Labstack Echo Open Redirect vulnerability
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery SSRF. Version 4.9.0 contains a patch for the issue...
Cross-site Scripting in HTML2PDF
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
RCE in H2 Console
Impact H2 Console in versions since 1.1.100 2008-10-14 to 2.0.204 2021-12-21 inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method such as security...
Regular expression denial of service in react-native
A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...
ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
Improper Input Validation and Code Injection in pdf-image
Lack of input validation in pdf-image npm package version = 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input...
Out-of-bounds Read in Pillow
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow...
python-docutils allows insecure usage of temporary files
python-docutils allows insecure usage of temporary files...
Cross-site scripting in PHPMailer
PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' aka. XSS in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...
Malicious dropper in mistralai 2.4.6 PyPI package
The mistralai PyPI package version 2.4.6 contains a malicious dropper that executes on import on Linux. No v2.4.6 tag, commit, or release workflow run exists in this repository, the legitimate latest version before the upload was 2.4.5, and the upload bypassed this repository's normal release...
HTML Injection in Keycloak Admin REST API
The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users...
Deserialization of Untrusted Data in Apache Camel RabbitMQ
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Impact This vulnerability allows an administrator unauthorized access to restricted resources. We fixed a vulnerability in the MySQL adapter to prevent SQL injection attacks. This is a backport of CVE-2021-21024 https://helpx.adobe.com/security/products/magento/apsb21-08.html. Patches Has the...
Authorization bypass in express-jwt
Overview Versions before and including 5.3.3, we are not enforcing the algorithms entry to be specified in the configuration. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. Am I affected? You are affected by this...
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...
XSS in Bleach when noscript and raw tag whitelisted
Impact A mutation XSS affects users calling bleach.clean with noscript and a raw tag see below in the allowed/whitelisted tags option. Patches v3.1.1 Workarounds modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags: title textarea script style noembed...
Deep Merge is Vulnerable to Prototype Pollution Through Lack of Sanitization
A Prototype Pollution vulnerability was determined in brikcss merge up to 1.3.0. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The vendor was...
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers, and...
imgproxy is vulnerable to Server-Side Request Forgery
imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...
Sandbox bypass in vm2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...
Arbitrary code execution in H2 Console
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...
Regular Expression Denial of Service in browserslist
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service ReDoS during parsing of queries...
Authentication Bypass in otpauth
Versions of otpauth prior to 3.2.8 are vulnerable to Authentication Bypass. The package's totp.validate function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens. Recommendation...