Source
ghsa
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.
An issue in Clojure versions 1.2.0 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the `clojure.core$partial$fn__5920` function.
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
### Summary ```ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} ``` The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. ### PoC A simple HTTP request with lots of blank characters in the content-type header: ```ruby request["Content-Type"] = (" " * 50_000) + "a," ``` ### Impact It's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.