Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-75jp-vq8x-h4cq: Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters

### Summary In the WASMI Interpreter, an [Out-of-bounds Buffer Write](https://cwe.mitre.org/data/definitions/787.html) will arise arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. ### Impact After conducting an analysis of the dependent Polkadot systems of `wasmi`: [Pallet Contracts](https://github.com/paritytech/polkadot-sdk/tree/master/substrate/frame/contracts), [Parity Signer](https://github.com/paritytech/parity-signer), and [Smoldot](https://github.com/smol-dot/smoldot), we have found that none on those systems have been affected by the issue as they are calling host to Wasm function with a small limited amount of parameters always. ### Mitigations If you are using `wasmi` betwen version 0.15.0 and 0.31.0, please update it to the [0.31.1](https://github.com/paritytech/wasmi/releases/tag/v0.31.1) patch release that we ju...

ghsa
#vulnerability#git
GHSA-j7jm-8gf5-frcm: nGrinder vulnerable to unsafe Java objects deserialization

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

GHSA-qqv2-35q8-p2g2: PaddlePaddle command injection in paddle.utils.download._wget_download

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0

GHSA-fh54-3vhg-mpc2: PaddlePaddle command injection vulnerability

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0

GHSA-5pf6-2qwx-pxm2: Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

### Impact _What kind of vulnerability is it? Who is impacted?_ Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. The relevant code is [here](https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110) (also inline, emphasis added): <pre>if p.Client == nil { p.Client = **http.DefaultClient** } if p.roundTripper != nil { p.Client.**Transport = p.roundTripper** } </pre> When the transport is populated with an authenticated transport such as: - [oauth2.Transport](https://pkg.go.dev/golang.org/x/oauth2#Transport) - [idtoken.NewClient(...).Transport](https://pkg.go.dev/google.golang.org/api/idtoken#NewClient) ... then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to **any endpoint** it is used to contact! Found and patched by: @tcnghia and @...

GHSA-j857-7rvv-vj97: JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

## Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 ## Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. ## Poc ```python from jwcrypto import jwk, jwe from jwcrypto.common import json_encode, json_decode import time public_key = jwk.JWK() private_key = jwk.JWK.generate(kty='RSA', size=2048) public_key.import_key(**json_decode(private_key.export_public())) payload = '{"u": "' + "u" * 400000000 + '", "uu":"' + "u" * 400000000 + '"}' protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "zip": "DEF", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode('utf-8'), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True) print("-----uncompress-----") print(len(enc)) begin =...

GHSA-2pc2-h97h-2mmw: Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

GHSA-xj36-6xc6-8p9x: Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.

GHSA-64c5-r2h5-c2fg: Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.