ghsa

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags.

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.

### Impact When the exponent is bigger than `r`, the group order of the pairing target group `GT`, the exponentiation à la GLV (`ExpGLV`) can *sometimes* give incorrect results compared to normal exponentiation (`Exp`). The issue impacts all users using `ExpGLV` for exponentiations in `GT`. This does not impact `Exp` and `ExpCyclotomic` which are sound. Also note that GLV methods in G1 and G2 are sound and _not_ impacted. ### Patches Fix has been implemented in pull request https://github.com/Consensys/gnark-crypto/pull/451 and merged in commit https://github.com/Consensys/gnark-crypto/commit/ec6be1a037f7c496d595c541a8a8d31c47bcfa3d to master branch. The fix increased the bounds of the sub-scalars by 1. In fact, since https://github.com/Consensys/gnark-crypto/pull/213, we use a fast scalar decomposition that tradeoffs divisions (needed in the Babai rounding) by right-shifts. We precompute `b=2^m*v/d (m > log2(d))` and then at runtime compute `scalar*b/2^m` (`v` is a lattice vector ...

### Impact An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the `ni-measurementlink-service` Python package and all previous versions. ### Patches Upgrade all Python measurement plug-ins to use `ni-measurementlink-service` version 1.1.1 or later. ### References Visit [ni.com/info](http://www.ni.com/info) and enter the info code `cve-2023-4570` for more information.

Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process. ### Impact This is a denial of service vulnerability, impacting all users of affected versions of Vapor. Because the crash is an explicit assertion failure, there is no corruption of process state and no risk of data leakage or unauthorized code execution. Total impact is limited to an immediately recoverable service interruption. ### Patches The issue is fixed as of Vapor release 4.84.2. ### Workarounds None known at this time. ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Vapor repo](https://github.com/vapor/vapor) * Ask in [Vapor Discord](http://vapor.team) ### Acknowledgements Full credit for reporting this issue goes to @t0rchwo0d, with additional thanks for responsibly disclosing.

### Summary IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. ### Details See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This logic violates point 3 of https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation. Workaround exists by setting `micronaut.security.token.jwt.claims-validators.audience` with valid values. `micronaut.security.token.jwt.claims-validators.openid-idtoken` can be kept as default on. ### PoC Should probably be: ```java return issuer.equalsIgnoreCase(iss) && audiences.contains(clientId) && validateAzp(claims, clientId, audiences); ``` ### Impact Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared.

### Impact The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys.

Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) References - https://www.cve.org/CVERecord?id=CVE-2023-5217 - https://nvd.nist.gov/vuln/detail/CVE-2023-5217

imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2.