ghsa

### Impact Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Open the invitation application (Invitation.WebHome). 1. Set the subject to `{{cache}}{{groovy}}new File("/tmp/exploit.txt").withWriter { out -> out.println("Attacked from invitation!"); }{{/groovy}}{{/cache}}` 1. Click "Preview" ### Patches The vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. ### Workarounds The vulnerability can be patched manually by applying the [patch](https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591) on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`. ### References - https://jira.xwiki.org/browse/XWIKI-20421 - https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 #...

### Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: * Incorrect parsing of trailing fields in chunked transfer encoding bodies * Parsing of blank/zero-length Content-Length headers ### Patches The vulnerability has been fixed in 6.3.1 and 5.6.7. ### Workarounds No known workarounds. ### References [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling) ### For more information If you have any questions or comments about this advisory: Open an issue in [Puma](https://github.com/puma/puma) See our [security policy](https://github.com/puma/puma/security/policy)

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.

A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via `appId` parameter to `/container/list`.

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the `Benchmark`, `PG_Sleep`, `DBMS_Lock.Sleep`, `Waitfor`, `DECODE`, and `DBMS_PIPE.RECEIVE_MESSAGE` functions.

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit 2.6.3 and prior. A patch is available at commit 36d1d4d256cbbab028342ba10cc493e5c119172c and anticipated to be part of version 2.6.4.

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function.