Latest News

### Summary "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." ### Details Source of potentially tainted data is in `packages/kit/src/exports/vite/dev/index.js`, line 437. This potentially tainted data is passed through a number of steps (which I could detail if you'd like) all the way down to line 91 in `packages/kit/src/exports/vite/utils.js`, which performs an operation that Snyk believes an attacker shouldn't be allowed to manipulate. Another source of potentially tainted data (according to Snyk) comes from `‎packages/kit/src/exports/vite/utils.js`, line 30, col 30 (i.e., the `url` property of `req`). This potentially tainted data is passed through a number of steps (which I could detail if you'd like) all the way down line 91 in `packages/kit/src/exports/vite/utils.js`, which performs an operation that Snyk believes an attacker shouldn't be allowed to...

### Summary The static error.html template for errors contains placeholders that are replaced without escaping the content first. ### Details From https://kit.svelte.dev/docs/errors: > error.html is the page that is rendered when everything else fails. It can contain the following placeholders: %sveltekit.status% — the HTTP status %sveltekit.error.message% — the error message This leads to possible injection if an app explicitly creates an error with a message that contains user controlled content that ends up being something like this inside a server handle function: ```js error(500, '<script>alert("boom")</script>'); ``` Uncaught errors cannot be exploited like this, as they always render the message "Internal error". Escaping the message string in the function that creates the html output can be done to improve safety for applications that are using custom errors on the server. ### PoC None provided ### Impact Only applications where user provided input is used in the `Er...

### Summary In versions of `dawidd6/action-download-artifact` before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts (such as malicious executables) into a privileged workflow context, as creating a fork requires no privileges. Users should immediately upgrade to v6 or newer, which changes the default behavior to avoid searching forks for matching artifacts. Users who cannot upgrade should explicitly set `allow_forks: false` to disable searching forks for artifacts. ### Details GitHub's artifact storage for workflows does not natively distinguish between artifacts created by a repository and artifacts created by forks of that repository. As a result, attempting to retrieve the "latest" artifact for a workflow run can return artifacts produced by a fork, rather than its upstream. Because any GitHub user can create a fork of a public repository, ...

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer (OT) based protocol [DKLS](https://eprint.iacr.org/2018/499.pdf): ### 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the secret of another participant. By repeating the execution they can eventually recover the whole secret. Therefore, unlike our comments suggested, you **must not reuse an OT setup** for multiple protocol executions. We're adding a warning in the code: https://github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go#L114 ### 2. Invalid security proof due to incorrect operator The original 2018 version of the DKLS had a typo in the OT extension protocol when computing the check value in the OT extension: the paper noted a XOR whereas it should be a field multiplication. This erroneous behavior ...

Diversity isn't just an issue of fairness — it's about operational excellence and ensuring we have the best possible teams defending our national security.

Cybercriminals are spamming content platforms like Spotify and Amazon with cracks, keygens, and forex trading platforms. We explain why.

Ubuntu Security Notice 7121-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Debian Linux Security Advisory 5818-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice 7124-1 - Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 23 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Debian Linux Security Advisory 5817-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.