Security Headlines: Latest CVEs (source: ghsa)
GHSA-qmr3-52xf-wmhx: Apache Zeppelin: LDAP search filter query Injection Vulnerability

Improper Input Validation vulnerability in Apache Zeppelin. Attackers can execute malicious LDAP queries by setting improper configuration properties that are interpolated into the LDAP search filter. This issue affects Apache Zeppelin from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-66j8-c83m-gj5f: Apache Zeppelin remote code execution by adding malicious JDBC connection string

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. An attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver. This issue affects Apache Zeppelin before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-rrvf-5w4r-3x7v: Apache Zeppelin vulnerable to cross-site scripting in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify `helium.json` and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-g44m-x5h7-fr5q: Apache Zeppelin: Cron arbitrary user impersonation with improper privileges

Improper Input Validation vulnerability in Apache Zeppelin. Attackers can call the cron-update API with invalid or improper privileges so that the notebook runs with those privileges. This issue affects Apache Zeppelin from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-gv3w-m57p-3wc4: gin-vue-admin background arbitrary code coverage vulnerability

### Impact

"gin-vue-admin<=v2.6.1 has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', 'router', 'service', and 'main.go' function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter."

Affected code: https://github.com/flipped-aurora/gin-vue-admin/blob/746af378990ebf3367f8bb3d4e9684936df152e7/server/api/v1/system/sys_auto_code.go:239.

Let's take a look at the method 'AutoPlug' within the 'AutoCodeApi' struct (the listing is truncated in the source):

```go
func (autoApi *AutoCodeApi) AutoPlug(c *gin.Context) {
	var a system.AutoPlugReq
	err := c.ShouldBindJSON(&a)
	if err != nil {
		response.FailWithMessage(err.Error(), c)
		return
	}
	a.Snake = strings.ToLower(a.PlugName)
	a.NeedModel = a.HasRequest || a.HasResponse
	er...
```

GHSA-ggp5-28x4-xcj9: Minder GetRepositoryByName data leak

### Impact

A recent refactoring added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository.

### Patches

Patched in #2941

### Workarounds

Revert prior to `5c381cf`, or roll forward past `2eb94e7`

### References

N/A

GHSA-r4r6-j2j3-7pp5: Contao: Remember-me tokens will not be cleared after a password change

### Impact

When a front end member changes their password, the corresponding remember-me tokens are not removed.

### Patches

Update to Contao 4.13.40.

### Workarounds

Disable "Allow auto login" in the login module.

### References

https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-v6f3-gh5h-mqwx: DIRAC: Unauthorized users can read proxy contents during generation

### Impact

During the proxy generation process (e.g., when using `dirac-proxy-init`) it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millisecond) during the generation process.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

### Workarounds

Setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable by the current user avoids the potential risk. After the file has been written it can be safely copied to the standard location (`/tmp/x509up_uNNNN`).

### References

GHSA-9jh5-qf84-x6pr: Contao: Possible cookie sharing with external domains while checking protected pages for broken links

### Impact

If the crawler is set to crawl protected pages, it sends the cookie header to external URLs.

### Patches

Update to Contao 4.13.40 or 5.3.4.

### Workarounds

Disable crawling protected pages.

### References

https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler

### For more information

If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-hw42-3568-wj87: google-oauth-java-client improperly verifies cryptographic signature

### Summary

The vulnerability impacts only users of the `IdTokenVerifier` class. The verify method in `IdTokenVerifier` does not validate the signature before verifying the claims (e.g., iss, aud, etc.). Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a modified payload, such as an email or phone number. The token will pass the validation by the library. Once verified, the modified payload can be used by the application. If the application sends the verified `IdToken` to another service as is, for example for auth, the risk is low, because the backend of that service is expected to check the signature and fail the request.

Reporter: [Tamjid al Rahat](https://github.com/tamjidrahat), contributor

### Patches

The issue was fixed in version 1.33.3 of the library.

### Proof of Concept

To reproduce, one needs to call the verify function with an IdToken instance that contains a malformed signature to ...