Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-75x2-6h4m-h6mx: FullStackHero's WebAPI Boilerplate host header injection vulnerability

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.

ghsa
#vulnerability#web#git
GHSA-vr64-r9qj-h27f: Clojure Denial of Service vulnerability

An issue in Clojure versions 1.2.0 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the `clojure.core$partial$fn__5920` function.

GHSA-3hrr-xwvg-hxvr: Keycloak DoS via account lockout

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

GHSA-9xxv-q6pp-96wq: Concrete CMS Stored XSS

Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)

GHSA-3rxx-8f33-7p6p: Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.

GHSA-45m2-8q7f-93wv: Concrete CMS Cross Site Request Forgery (CSRF) vulnerability

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.

GHSA-c8v6-786g-vjx6: json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

GHSA-6294-6rgp-fr7r: jose2go vulnerable to denial of service via large p2c value

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

GHSA-6qvw-249j-h44c: jose4j denial of service via specifically crafted JWE

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

GHSA-22f2-v57c-j9cx: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

### Summary ```ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} ``` The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. ### PoC A simple HTTP request with lots of blank characters in the content-type header: ```ruby request["Content-Type"] = (" " * 50_000) + "a," ``` ### Impact It's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.