ghsa

The Cosmos SDK is used for Inter-Blockchain Communication Protocol (IBC) applications and middleware. The [packet-forward-middleware](https://github.com/cosmos/ibc-apps/tree/main/middleware/packet-forward-middleware) module is an IBC middleware module built for Cosmos blockchains utilizing the IBC protocol allowing routing of incoming IBC packets from a source chain to a destination chain. The `packet-forward-middleware` module is vulnerable to potential chain-halt due to error non-determinism. ### Patches Please patch at your earliest convenience by applying one of the following patch versions, respective to the chain's ibc-go major version: v4.1.1 v5.2.1 v6.1.1

[_Part of the Cure53 security audit of Home Assistant._](https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/) The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token`, the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` t...

### Summary An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. ### Details In `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. In this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key. ### Impact All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. ### Fix PR: Since the temporary private fork was...

There is a Code Injection Vulnerability in Mail Form to baserCMS. ### Target baserCMS 4.7.6 and earlier versions ### Vulnerability Malicious code may be executed in Mail Form Feature. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161 ### Credits Shiga Takuma@BroadBand Security, Inc

There is a CSRF Vulnerability in Content preview Feature to baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. ### Target baserCMS 4.7.8 and earlier versions ### Vulnerability Malicious code may be executed in Content preview Feature. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161 ### Credits Shiga Takuma@BroadBand Security, Inc

There is a Directory Traversal Vulnerability in Form submission data management Feature to baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. ### Target baserCMS 4.7.8 and earlier versions ### Vulnerability There is a possibility that information on the server may be obtained by a user who is logged in to the management screen. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161 ### Credits Shiga Takuma@BroadBand Security, Inc

There is a XSS Vulnerability in File upload Feature to baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. ### Target baserCMS 4.7.8 and earlier versions ### Vulnerability Malicious code may be executed in File upload Feature. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161 ### Credits Shiga Takuma@BroadBand Security, Inc

There is a XSS Vulnerability in Favorites Feature to baserCMS. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. ### Target baserCMS 4.7.8 and earlier versions ### Vulnerability Malicious code could be executed in the Favorites feature on the server. ### Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more information. https://basercms.net/security/JVN_45547161 ### Credits ota kyohei

A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured. The `_xpack/security` APIs have been deprecated in Elasticsearch 7.x and were entirely removed in 8.0.0 and later. The only way for a client to use them in Elasticsearch 8.0.0 and later is to provide the `Accept: application/json; compatible-with=7` header. Elasticsearch official clients do not use these deprecated APIs. The list of affected, deprecated APIs, is the following: `POST /_x...