Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-pwgc-w4x9-gw67: changedetection.io Cross-site Scripting vulnerability

### Summary Input in parameter notification_urls is not processed resulting in javascript execution in the application ### Details changedetection.io version: v0.45.21 https://github.com/dgtlmoon/changedetection.io/blob/0.45.21/changedetectionio/forms.py#L226 ``` for server_url in field.data: if not apobj.add(server_url): message = field.gettext('\'%s\' is not a valid AppRise URL.' % (server_url)) raise ValidationError(message) ``` ### PoC Setting > ADD Notification URL List ![image](https://github.com/dgtlmoon/changedetection.io/assets/65381453/626eb43b-a414-4b05-92d8-c7345c2a2e75) ``` "><img src=x onerror=alert(document.domain)> ``` ![image](https://github.com/dgtlmoon/changedetection.io/assets/65381453/476bd396-2aa2-4642-9c54-fd2c2ef9de79) Requests ![image](https://github.com/dgtlmoon/changedetection.io/assets/65381453/1f258ef1-149a-4a03-88ab-a2244a69652e) ### Impact A reflected XSS vulnerability happens when the user ...

ghsa
Open in Source
#xss#vulnerability#git#java
GHSA-v84h-653v-4pq9: Some CORS middleware allow untrusted origins

### Impact Some CORS middleware (more specifically those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patterns `https://foo.com` and `https://bar.com` (in that order) would yield a middleware that would incorrectly allow untrusted origin `https://barfoo.com`. ### Patches Patched in v0.9.0. ### Workarounds None.

GHSA-vhxv-fg4m-p2w8: Some CORS middleware allow untrusted origins

### Impact Some CORS middleware (more specifically those created by specifying two or more origin patterns whose hosts share a proper suffix) incorrectly allow some untrusted origins, thereby opening the door to cross-origin attacks from the untrusted origins in question. For example, specifying origin patterns `https://foo.com` and `https://bar.com` (in that order) would yield a middleware that would incorrectly allow untrusted origin `https://barfoo.com`. ### Patches Patched in v0.1.3. ### Workarounds None.

GHSA-5m98-qgg9-wh84: aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests

### Summary An attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. ### Impact An attacker can stop the application from serving requests after sending a single request. ------- For anyone needing to patch older versions of aiohttp, the minimum diff needed to resolve the issue is (located in `_read_chunk_from_length()`): ```diff diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py index 227be605c..71fc2654a 100644 --- a/aiohttp/multipart.py +++ b/aiohttp/multipart.py @@ -338,6 +338,8 @@ class BodyPartReader: assert self._length is not None, "Content-Length required for chunked read" chunk_size = min(size, self._length - self._read_bytes) chunk = await self._content.read(chunk_size) + if self._content.at_eof(): + self._at_eof = True return chunk async def _read_chunk_from_stre...

GHSA-mjr4-7xg5-pfvh: libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). At the time of publication, there is no fix.

GHSA-6433-x5p4-8jc7: libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of `attrs()` that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).

GHSA-78h3-pg4x-j8cv: libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `XmlNode::get_local_namespaces()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

GHSA-mg49-jqgw-gcj6: libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `_wrap__xmlNode_nsDef_get()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

GHSA-wccg-v638-j9q2: karmada vulnerable to arbitrary code execution via a crafted command

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

GHSA-xv64-8p4r-94gq: pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.