Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-6xmx-85x3-4cv2: Stored XSS via SVG File Upload

#### Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. #### Workaround Implement the server side file validation https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation or Serve all media from an different host (e.g cdn) that where umbraco is hosted

ghsa
#xss#vulnerability#git
GHSA-7x74-h8cw-qhxq: Brute force exploit can be used to collect valid usernames

#### Impact A brute force exploit that can be used to collect valid usernames is possible.

GHSA-8qp8-9rpw-j46c: SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.

#### Impact A user enumeration attack is possible when SMTP is not setup correctly, but reset password is enabled

GHSA-cfr5-7p54-4qg8: Privilege Escalation using Spoofing

#### Impact Users with low privileges ( Editor, etc) are able to access some unintended endpoints.

GHSA-6324-52pr-h4p5: Using the directory back payload (“/../”) in a package name allows placement of package in other folders.

#### Impact Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.

GHSA-v98m-398x-269r: DOM-XSS on Backoffice login screen.

#### Impact Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.

GHSA-335x-5wcm-8jv2: Backoffice User can bypass "Publish" restriction

#### Impact Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios.

GHSA-6m97-7527-mh74: incorrect storage layout for contracts containing large arrays

### Impact contracts containing large arrays might underallocate the number of slots they need. prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`: https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 the intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed. if `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed. the following two example contracts can result in overwriting of the variable `vulnerable`: ```vyper large_array: address[2**64 + 1] # type_.size_in_bytes == 32 * (2**64 + 1); math.ceil(type_.size_in_bytes / 32) < 2**64 + 1 vulnerable:...

GHSA-xxc6-35r7-796w: Possible injection of HTML into user invite mails

#### Impact A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended.

GHSA-v945-r3rc-6fjm: Path traversal in MLflow

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.