ghsa

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

### Impact When a authentificated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on `CustomerLogoutEvent` and invalidates the session additionally. ### Patches The problem has been fixed with Shopware 6.6.1.0 and 6.5.8.8. ### Workarounds When you are not able to update, you can install the latest version of the Shopware Security Plugin.

An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function `registerReceiver` of the file `android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt`. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function `deserialize` of the file `com/xxl/job/core/util/JdkSerializeTool.java` of the component `Template Handler`. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.

### Summary The ***DELETE /api/snapshots/{key}*** endpoint allows any Grafana user to delete snapshots if the user is NOT in the organization of the snapshot ### Details An attacker (a user without organization affiliation or with a "no basic role" in an organization other than the one where the dashboard exists), knowing the key or URL of a snapshot created by any user (including Grafana admins), can delete a snapshot (It is not feasible using UI), resulting in a BOLA vulnerability. If an attacker is in the same organization of the dashboard snapshot, he can’t delete the snapshot. However, an attacker with low-privilege from a different organization would be able to delete it, resulting in the authorization flaw.  ### Precondition To exploit this endpoint, an attacker must know the {key} of a snapshot. The attacker can potentially discover ...

**Name**: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks **Component**: ibc-go **Criticality**: Critical ([ACMv1](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Critical; L:AlmostCertain) **Affected versions**: < v4.6.0, < v5.4.0, < v6.3.0, < v7.4.0, < v8.2.0 **Affected users**: Chain Builders + Maintainers # Summary Through the deployment and subsequent use of a malicious CosmWasm contract via IBC interactions, an attacker could potentially execute the same `MsgTimeout` inside the IBC hook for the `OnTimeout` callback before the packet commitment is deleted. On chains where ibc-hooks wraps ICS-20, this vulnerability may allow for the logic of the `OnTimeout` callback of the transfer application to be recursively executed, leading to a condition that may present the opportunity for the loss of funds from the escrow account or unexpected minting of tokens. # Affected Configurations Chains which satisfy all of the fo...

### Summary The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. ### Details Vulnerable endpoint: PATCH /files/{{id}} ### PoC 1. Create a file distribution. 2. Go to the link address for downloading files and download the file (in this case, the attacker receives the file id from the download request). 3. Send a PATCH /files/{{id}} request with arbitrary content in the request body. Thus, the file with the specified id will be changed. What the attacker specifies in the body of the request will be added to the end of the original content. In the future, users will download the modified file. ### Impact The vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.