Latest News

A vulnerability allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially transmitted amount, while Sylius incorrectly considers the order fully paid based on the modified total. This flaw can be exploited both accidentally and intentionally, potentially enabling fraud by allowing customers to pay less than the actual order value. ### Impact - Attackers can intentionally pay less than the actual total order amount. - Business owners may suffer financial losses due to underpaid orders. - Integrity of payment processing is compromised. ### Patches The issue is fixed in versions: 1.6.1, 1.7.1, 2.0.1 and above. ### Workarounds To resolve the problem in the end application without updating to the newest patches, there is a need to overwrite `ProcessPayPalOrderAction` wi...

### Summary In the archive extraction routine of affected versions of the `zip` crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. ### Details This is a variant of the [zip-slip](https://github.com/snyk/zip-slip-vulnerability) vulnerability, we can make the extraction logic step outside of the target directory by creating a symlink to the parent directory and then extracting further files through that symlink. The documentation of the [`::zip::read::ZipArchive::extract`] method is in my opinion implying this should not happen: > "Paths are sanitized with ZipFile::enclosed_name." ... > [`::zip::read::FileOptions::enclosed_name`] ... is resistant to path-based exploits ... can’t resolve to a path outside the current directory. Most archive software either decline to extract symlink...

### Impact If the Expr expression parser is given an **unbounded input string**, it will attempt to compile the *entire* string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to **excessive memory usage** and an **Out-Of-Memory (OOM) crash** of the process. This issue is relatively uncommon and will only manifest when there are **no restrictions on the input size**, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur. ### Patches The problem has been **patched** in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users ...

### Impact The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource `BMCEventSubscription` (BMCES). An adversary Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a BMCES in their authorized namespace and then load Secrets from their unauthorized namespaces to their authorized namespace via the Baremetal Operator controller's cluster scoped privileges, causing Secret leakage. ### Patches The patch makes BMO refuse to read Secrets from other namespace than where the corresponding Bare Metal Host (BMH) resource is. The patch does not change the `BMCEventSubscription` API in BMO, but stricter validation will deny the request at admission time. It will also prevent the controller reading such Secrets, in case the BMCES resource has already been deployed. The issue...

In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT…

### Impact A bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. ### Patches This bug has been fixed in the following containerd versions: * 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20) * 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da) * 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a) Users should update to these versions to resolve the issue. ### Workarounds Ensure that only trusted images are used and that only trusted users have permissions to import images. ### Credits The containerd project would like to thank [Benjamin Koltermann](htt...

StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures.

ChatGPT Down: Users report "Gateway time-out" errors. OpenAI's popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption.

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation.

Educational institutions and businesses looking to implement technology-driven learning solutions often face a key decision: should they invest…