Latest News

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a potential cross site scripting issue within the Trix editor. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- N/A Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset. * action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series Credits ------- Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!

These scammers are persistent and want your billing information to extort money from you.

# Reduced entropy due to inadequate character set usage ## Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that `nano_id::base64` is not affected by this vulnerability. ## Impact This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. ## Patches The flaws were corrected in commit [a9022772b2f1ce38929b5b81eccc670ac9d3ab23](https://github.com/viz-rs...

### Impact A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host. A workload built from this Dockerfile: ``` FROM docker.io/library/busybox as source RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc FROM scratch COPY --from=source /bin /bin COPY --from=source /lib /lib COPY --from=source /extra . ``` and this container config: ``` { "metadata": { "name": "busybox" }, "image":{ "image": "localhost/test" }, "command": [ "/bin/true" ], "linux": { } } ``` and this sandbox config ``` { "metadata": { "name": "test-sandbox", "namespace": "default", "attempt": 1, "uid": "edishd83djaideaduwk28bcsb" }, "linux": { "security_context": { "namespace_options": { "network": 2 } } } } ``` will create a file on host `/host/mtab` ### Patches 1.30.1, 1.29.5, 1.28.7 ### Workarounds Unfortunately not ### References _A...

TikTok has confirmed a “potential exploit” that is being used to go after accounts belonging to media organizations and celebrities, including CNN and Paris Hilton, through direct messages.

### Describe the Bug Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. ### To Reproduce 1. Test if the endpoint is working and accessible, `GET http://localhost:8055/utils/random/string` 2. Do a bad request `GET http://localhost:8055/utils/random/string?length=foo` 3. After this all calls to `GET http://localhost:8055/utils/random/string` will return an empty string instead of a random string 4. In this error situation you'll see authentication refreshes fail for the app and api. ### Impact This counts as an unauthenticated denial of service attack vector so this impacts all unpatched instances reachable over the internet.

### Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output ### Details There was a handful of instances where the `apko` tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: 1. The`%s` verb was used to format a `url.URL` as a string, which includes un-redacted HTTP basic authentication credentials if they are included in the URL. 2. A string URL value (such as from the configuration YAML file supplied used in an apko execution) was never parsed as a URL, so there was no chance of redacting credentials in the logical flow. apko, as well as its companion library `go-apk`, have been updated to ensure URLs are parsed and redacted before being output as string values. ### PoC Create a config file like this `apko.yaml`: ```yaml contents: keyring: - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub repositories: - https://me%40example.com:supersecretpass...

## Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that `nano_id::base64` is not affected by this vulnerability. ## Impact This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. ## Patches The flaws were corrected in commit [a9022772b2f1ce38929b5b81eccc670ac9d3ab23](https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23)...

### Summary iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash. ### Details When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5, but in the long term users should prefer migrating to the Snappy implementation in https://github.com/airlift/aircompressor (version 0.27 or newer). ### Impact When uncompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM.

London hospitals crippled by cyberattack! This incident highlights the growing threat of ransomware on healthcare systems worldwide. London’s…