7044 matches found
Salt vulnerable to directory traversal attack in minion file cache creation
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
Nautobot may allows uploaded media files to be accessible without authentication
ImpactFiles uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...
Salt has minion event bus authorization bypass vulnerability
Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...
Salt vulnerable to arbitrary event injection
Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...
Salt's salt.auth.pki module does not properly authenticate callers
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
Requests vulnerable to .netrc credentials leak via malicious URLs
ImpactDue to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. WorkaroundsFor older versions of Requests, use of the .netrc file can be disabled with trustenv=False on your Requests Session docs...
OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
ImpactOctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run a...
OctoPrint vulnerable to possible file extraction via upload endpoints
ImpactOctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILEUPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from.The primary risk...
Salt allows arbitrary directory creation or file deletion
Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...
Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
SummaryAmazon Redshift Python Connector is a pure Python connector to Redshift i.e., driver that implements the Python Database API Specification 2.0.When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate...
AstrBot Has Path Traversal Vulnerability in /api/chat/get_file
ImpactThis vulnerability may lead to: Information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. ReproduceFollow these steps to set up a test environment for reproducing the vulnerability:1. Install dependencies and clone the repository: bash pip...
LLama-Index CLI OS command injection vulnerability
LLama-Index CLI prior to v0.4.1, corresponding to LLama-Index prior to v0.12.21, contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the --files argument, which is directly passed into os.system. An attacker who controls the content of this...
vLLM Tool Schema allows DoS via Malformed pattern and type Fields
SummaryThe vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference...
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
ImpactInstances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can secret access tokens across requests. This can allow users to access restricted querysets and restricted data. PatchesThe problem has been patched in version 8.4.1 and all following...
SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...
Apache Superset: Improper authorization bypass on row level security via SQL Injection
An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.This issue affects Apac...
Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
ImpactOn Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration files affecting other users.Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected...
HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability
A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...
Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component runview Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be...
Skyvern has a Jinja runtime leak
Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...
SignXML's signature verification with HMAC is vulnerable to a timing attack
When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing...
Gradio CORS Origin Validation Bypass Vulnerability
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function isvalidorigin of the component CORS Handler. The manipulation of the argument localhostaliases leads to origin validation error. It is possible to initiate the attack remotely. Th...
FunAudioLLM InspireMusic deserialization vulnerability
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function loadstatedict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. A...
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
Affected EnvironmentsNote that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern.Since V0 is has been off by...
Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store
SummaryLanceDocChatAgent uses pandas eval through computefromdocs:https://github.com/langroid/langroid/blob/18667ec7e971efc242505196f6518eb19a0abc1c/langroid/vectorstore/base.pyL136-L150As a result, an attacker may be able to make the agent run malicious commands through QueryPlan.dataframecalc...
LlamaIndex Vulnerable to Denial of Service (DoS)
A Denial of Service DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latestv0.12.15. The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...
Flask uses fallback key instead of current signing key
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key.Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last top key in the list to be the most...
Apache Superset Allows Ownership Takeover
Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.This issue affects Apache Superset: through 4.1.1.Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
Flask-AppBuilder open redirect vulnerability using HTTP host injection
ImpactFlask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. PatchesFlask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS configuration variable, which allows administrators to explicitly...
docarray prototype pollution
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function getitem of the file /docarray/data/torchdataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...
Vyper's `slice()` may elide side-effects when output length is 0
Impactthe slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is...
Tornado vulnerable to excessive logging caused by malformed multipart form data
SummaryWhen Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the...
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Impactconcat may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is...
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Vulnerable MobSF Versions: = v4.3.2Details:MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications...
Rasa Pro Missing Authentication For Voice Connector APIs
VulnerabilityA vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated...
AWorld OS Command Injection vulnerability
A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
python-markdownify aka markdownify before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption...
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
Vulnerable MobSF Versions: = v4.3.2CVSS V4.0 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:NDetails:A Stored Cross-Site Scripting XSS vulnerability has been identified in MobSF versions ≤ 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG...
Langroid Allows XXE Injection via XMLToolMessage
SummaryA LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. DetailsXMLToolMessage uses lxml without...
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
SummaryA critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to inefficient list concatenation operations, the...
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
DescriptionA critical vulnerability exists in the llamafybaichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file tha...
Data exposure via ZeroMQ on multi-node vLLM deployment
ImpactIn a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes. The primary vLLM host opens an XPUB ZeroMQ socket and binds it to ALL interfaces. While the socket is always opened for a multi-node deployment, it is only used when doing tensor parallelism across...
Crawl4AI SSRF vulnerability
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
PyTorch Improper Resource Shutdown or Release vulnerability
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
OverviewOn many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
Apache Airflow Common SQL Provider Vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow Common SQL Provider.When using the partition clause in SQLTableCheckOperator as parameter which was a recommended pattern, Authenticated UI User could inject arbitrary SQL command wh...
InternLM LMDeploy code injection vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
AWS SAM CLI Path Traversal allows file copy to build container
SummaryThe AWS Serverless Application Model Command Line Interface AWS SAM CLI is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker.When running the AWS SAM CLI build process with Docker and symlinks are included ...
LMDeploy Improper Input Validation Vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function loadweightckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement...