Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-3qxh-p7jc-5xh6: Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, `?text=<svg/onload=alert(1)>` would trigger XSS here. ```js const [text] = createResource(() => { return new URL(getRequestEvent().request.url).searchParams.get("text"); }); return ( <> Text: {text()} </> ); ```

ghsa
Open in Source
#xss#nodejs#js#git
GHSA-c3p4-vm8f-386p: Navidrome allows an authentication bypass in Subsonic API with non-existent username

### Summary In certain Subsonic API endpoints, authentication can be bypassed by using a non-existent username combined with an empty (salted) password hash. This allows read-only access to the server’s resources, though attempts at write operations fail with a “permission denied” error. ### Details A flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system, along with a salted hash of an empty password. Under these conditions, Navidrome treats the request as authenticated, granting access to various Subsonic endpoints without requiring valid credentials. ### Proof of Concept (PoC) 1. Generate a random salt: ```javascript // e.g., salt = "x1vbudn1m6d" Math.random().toString(36).substring(2, 15) ``` 2. Calculate the MD5 hash of an empty password plus the salt: ```shell # Using the example salt above echo -n "x1vbudn1m6d" | md5sum 81f0c0fb5d202ab0d012e6eaeb722d79 - ``` 3. Send a re...

GHSA-mcgx-2gcr-p3hp: LTI JupyterHub Authenticator does not properly validate JWT Signature

### Impact Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are influenced. LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request granting access to existing and new user identities. ### Patches None. ### Workarounds None. ### References - [This code segment](https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164) didn't validate a JWT signature.

GHSA-c6gw-w398-hv78: DoS in go-jose Parsing

### Impact When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. ### Patches Version 4.0.5 fixes this issue ### Workarounds Applications could pre-validate payloads passed to go-jose do not contain an excessive number of '.' characters. ### References This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.

GHSA-pxg4-xjp7-w9c5: Moodle's feedback response viewing and deletions did not respect Separate Groups mode

Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.

GHSA-4hmr-39vp-xfrr: Moodle has an arbitrary file read risk through pdfTeX

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

GHSA-g88w-v4cq-qgcp: Moodle has an IDOR in badges allows disabling of arbitrary badges

Insufficient capability checks made it possible to disable badges a user does not have permission to access.

GHSA-5r85-6h7f-rg3r: Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

GHSA-cw24-f6fq-7j9v: Moodle allows teachers to evade trusttext config when restoring glossary entries

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

GHSA-h697-w4ph-7pcx: Moodle has a stored XSS in ddimageortext question type

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.