CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.

@@ -25,6 +25,22 @@

\*/

class Security

{

/\*\*

\* @param string $filepath

\* @param array|null $options

\* @return string|null

\*/

public static function detectXssFromSvgFile(string $filepath, array $options = null): ?string

{

if (file\_exists($filepath) && Grav::instance()\['config'\]->get('security.sanitize\_svg')) {

$content = file\_get\_contents($filepath);

  

return static::detectXss($content, $options);

}

  

return null;

}

  

/\*\*

\* Sanitize SVG string for XSS code

\*

@@ -200,7 +216,7 @@ public static function detectXss($string, array $options = null): ?string

}, $string);

  

// Clean up entities

$string = preg\_replace('!(&#\[0-9\]+)!u', '$1;', $string);

$string = preg\_replace('!(&#\[0-9\]+);?!u', '$1;', $string);

  

// Decode entities

$string = html\_entity\_decode($string, ENT\_NOQUOTES | ENT\_HTML5, 'UTF-8');

Headline

CVE-2022-0970: Added XSS check for uploaded SVG files before they get stored · getgrav/grav@f19297d

CVE: Latest News