Source
ghsa
### Impact Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound cause denial of service. See https://www.cve.org/CVERecord?id=CVE-2023-44487 for details. ### Patches nghttp2 v1.57.0 mitigates this vulnerability by default. ### Workarounds If upgrading to nghttp2 v1.57.0 is not possible, implement `nghttp2_on_frame_recv_callback`, and check and count RST_STREAM frames. If excessive number of RST_STREAM are received, then take action, such as dropping connection silently, or call `nghttp2_submit_goaway` and gracefully terminate the connection. ### References The following commit mitigates this vulnerability: - https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832
Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS).
langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.
# Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. # Patches Patched in AntiSamy 1.7.4 and later. See important remediation details in the reference given below. # Workarounds If you cannot upgrade to a fixed version of the library, the following mitigation can be applied until you can upgrade: Manually edit your AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding this in your tag definitions under the `<tagrules>` node (or deleting it entirely if...
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
In NASA Open MCT (aka openmct) before commit 545a177 is subject to a prototype pollution which can occur via an import action.
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.
### Impact This vulnerability affects deployments of FreeImage that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you, but **you should remove FreeImage from your project, as it is not maintained and presents a massive security risk**. If you are using FreeImage via ImageResizer.Plugins.FreeImage, please utilize [Imageflow](https://github.com/imazen/imageflow) or [Imageflow.Server](https://github.com/imazen/imageflow-dotnet-server) instead, or upgrade to ImageResizer 5 and use ImageResizer.Plugins.Imageflow (enable Prereleases on NuGet to access). FreeImage relies on Google's [libwebp](https://github.com/webmproject/libwebp) library to decode .webp images, and is affected by the recent zero-day out-of-bounds write vulnerability [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) and https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. The libwebp vulnerability also affects Chrome, Android,...
### Impact A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. ### Patches Upgrade to NeuVector [version 5.2.2](https://open-docs.neuvector.com/releasenotes/5x) or later and latest Helm chart (2.6.3+). + In 5.2.2 the certificate for JWT-signing is created automatically by controller with validity of 90days and rotated automatically. + Use Helm-based deployment/upgrade to 5.2.2 to generate a unique certificate for Manager, REST API, ahd registry adapter. Helm based installation/upgrade is required in order to automatically generate certificates upon initial installation and each subsequent upgrade. + See [release notes](https://open-docs.neuvector.com/releasenotes/5x) for manual/yaml based deployment advice. + 5.2.2 also implements additional protections against possible RCE for the feature of custom compliance scripts. ...
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.