Source
ghsa
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber 1.3.4 and prior. A patch is available and anticipated to be part of the 2.x branch.
### Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you (but you should update anyway). Imageflow relies on Google's [libwebp] library to decode .webp images, and is affected by the recent zero-day out-of-bounds write vulnerability [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) and https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. The libwebp vulnerability also affects Chrome, Android, macOS, and other consumers of the library). libwebp patched [the vulnerability](https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 ) and released [1.3.2](https://github.com/webmproject/libwebp/releases/tag/v1.3.2) This was patched in [libwebp-sys in 0.9.3 and 0.9.4](https://github.com/NoXF/libwebp-sys/commits/master) **[Imageflow v2.0.0-preview8](https://github.com/imazen/imageflow/releases/tag/v2.0.0-p...
### Impact Heap buffer overflow in `libwebp` allows a remote attacker to perform an out of bounds memory write via a crafted webp image. ### References - https://github.com/advisories/GHSA-j7hp-h8jx-5ppr - https://blog.isosceles.com/the-webp-0day/
The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: ```js const functionNameMatch = /\s*function(?:\s|\s*\/\*[^(?:*/)]+\*\/\s*)*([^\s(/]+)/; ``` This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: ```js '\t'.repeat(54773) + '\t/function/i' ``` Here is a simple PoC code to demonstrate the issue: ```js const protocolre = /\sfunction(?:\s|\s/*[^(?:*\/)]+*/\s*)*([^\(\/]+)/; const startTime = Date.now(); const maliciousInput = '\t'.repeat(54773) + '\t/function/i' protocolre.test(maliciousInput); const endTime = Date.now(); console.log("process time: ", endTime - startTime, "ms"); ```
### Impact In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. ### Patches This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. ### Workarounds User's still using Argo CD 2.3 or below are advised to update to a [supported ver...
Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosure vulnerability.