ghsa

The ns_backup extension through 13.0.0 for TYPO3 allows XSS.

The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files.

### Summary The `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection vulnerabilities, allowing an attacker to execute arbitrary commands on the host system. ### Details The vulnerability exists because environment variables are not properly sanitized during the decryption phase, which enables malicious keys or encrypted values to inject commands. ### Impact An attacker with control over `.ejson` files can inject commands in the environment where `source $(ejson2env)` or `eval ejson2env` are executed. ### Mitigation - Update to a version of `ejson2en...

### Impact In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they're not giving a right to a script or object that it didn't have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned a...

Insecure Direct Object Reference in the reint_downloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction.

# Impact A bug was found in the containerd's CRI implementation where containerd doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. # Patches This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. # Workarounds Disable usernamespaced pods in Kubernetes temporarily. # Credits The containerd project would like to thank Rodrigo Campos Catelin and Piotr Rogowski for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md). # For more information If you have any questions or comments about this advisory: * Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose) * Email us at [email protected] To report a security issue in containerd: * [Report a new vulnerabi...

Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController.

Cross-site scripting (XSS) vulnerability in the [clickstorm] SEO (cs_seo) TYPO3 extension allows backend users to execute arbitrary script via the JSON-LD output.

### Impact A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using [Layer 7 Protocol Visibility](https://docs.cilium.io/en/stable/observability/visibility/#layer-7-protocol-visibility) at the time of the attack. ### Patches This issue affects all versions of Hubble CLI before v1.17.2. The issue is patched in Hubble CLI v1.17.2, via https://github.com/cilium/cilium/pull/37401. ### Workarounds Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor. ### Acknowledgements The Cilium community has worked together with members of Isovalent and the Cisco ASIG team to prepare these mitigations. Special tha...

### Impact A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. ### Patches This bug has been fixed in the following containerd versions: * 2.1.1 The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. Users should update to this version to resolve the issue. ### Workarounds Ensure that only trusted images are used and that only trusted users have permissions to import images. ### Credits The containerd project would like to thank Tõnis Tiigi for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md). ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47290 ### For more information If you have any questions or comments about this advisory: * Open an issue in [conta...