Source
ghsa
#### Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. #### Workaround Implement the server side file validation https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation or Serve all media from an different host (e.g cdn) that where umbraco is hosted
#### Impact A brute force exploit that can be used to collect valid usernames is possible.
#### Impact A user enumeration attack is possible when SMTP is not setup correctly, but reset password is enabled
#### Impact Users with low privileges ( Editor, etc) are able to access some unintended endpoints.
#### Impact Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.
#### Impact Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.
#### Impact Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios.
### Impact contracts containing large arrays might underallocate the number of slots they need. prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`: https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 the intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed. if `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed. the following two example contracts can result in overwriting of the variable `vulnerable`: ```vyper large_array: address[2**64 + 1] # type_.size_in_bytes == 32 * (2**64 + 1); math.ceil(type_.size_in_bytes / 32) < 2**64 + 1 vulnerable:...
#### Impact A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended.
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.