ghsa

The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound and may allow safe code to exhibit undefined behavior when used with `Ref<B, T>` where `B` is [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or [`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these methods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`. See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis. The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.

Default table permissions in SurrealDB were `FULL` instead of `NONE`. This would lead to tables having `FULL` permissions for `SELECT`, `CREATE`, `UPDATE` and `DELETE` unless some other permissions were specified via the `PERMISSIONS` clause. We have decided to treat this behaviour as a vulnerability due to its security implications, especially considering the lack of specific documentation and potential for confusion due to the `INFO FOR DB` statement previously not displaying default permissions. Treating it as a bug fix provides justification for a change in default behavior outside of a major release. ### Impact Any client authorized to query data in a SurrealDB instance will have full access to any tables that were defined with no explicit permissions and that are within its authorization scope (i.e. namespace or database), including creating, reading, updating and deleting data. This is specially relevant for SurrealDB instances allowing guest access with publicly exposed inte...

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.

### Impact XSS, anyone using the SPS Select with options prop populated from user input is impacted. If these options are stored, then it could have been a stored XSS. ### Patches The code has been patched for version 7 of woodland. Users should upgrade to 7.17.4 or higher ### Workarounds This is not recommended. If you are not upgrading then you would need to sanitize your options yourself (including those currently stored in databases). This is not recommended. ### References https://github.com/SPSCommerce/woodland/blob/c49e999f97f3c0b56502859f4de1e8c6666dd74d/packages/ds-react/src/option-list/SpsOptionList.tsx#L559

### Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. The code to reproduce it. The server side application: ```ts import { Hono } from 'hono' import { TrieRouter } from 'hono/router/trie-router' const wait = async (ms: number) => { return new Promise((resolve) => { setTimeout(resolve, ms) }) } const app = new Hono({ router: new TrieRouter() }) app.use('*', async (c, next) => { await wait(Math.random() * 200) return next() }) app.get('/modules/:id/versions/:version', async (c) => { const id = c.req.param('id') const version = c.req.param('version') console.log('path', c.req.path) console.log('version', version) return c.json({ id, version, ...

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cvg2-7c3j-g36j. This link is maintained to preserve external references. ## Original Description A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.