ghsa

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0.

### Impact The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. ### Patches The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.6](https://github.com/decidim/decidim/releases/tag/v0.26.6)

### Impact The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. ### Patches The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3) and [v0.26.6](https://github.com/decidim/decidim/releases/tag/v0.26.6)

Note: added the actual report as a [comment](https://github.com/decidim/decidim/security/advisories/GHSA-jm79-9pm4-vrw9#advisory-comment-81110). ### Summary Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). ### Impact This issue may lead to Sensitive Data Disclosure. ### Patches The problem was patched in [v0.27.3](https://github.com/decidim/decidim/releases/tag/v0.27.3). ### Workarounds Disable or unpublish all meetings components from your application.

### Impact This vulnerability is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. ### Patches The issue has been addressed in version `14.5.0`. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. ### Workarounds In this case, it is recommended for users to upgrade to the patched version rather than relying on workarounds. Upgrading to the fixed version ensures that the vulnerability is no longer present and provides the best protection against remote code execution ### References For more detailed information about this workaround and its effectiveness, users should consult the support channels provided by the software or system developer. They can provide specific guidance on implementing this workaround and any potential limitations or caveats associated with it. ---- This vulnerability was discovered by Vladislav Gladkiy (Positive Technolo...

### Impact Vendure is an e-commerce GraphQL framework with a number of APIs and different levels of authorization. By default the Cookie settings are insecure, having the SameSite setting as false which results in not having one (originates from the cookie-session npm package’s default settings). ### Patches In progress ### Workarounds Manually set the `authOptions.cookieOptions.sameSite` configuration option to `'strict'`, `'lax'` or `true`. ### References _Are there any links users can visit to find out more?_

Related UI vulnerability advisory: https://github.com/jaegertracing/jaeger-ui/security/advisories/GHSA-vv24-rm95-q56r ### Summary Jaeger UI is using the `json-markup` dependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus the `KeyValuesTable` is vulnerable to XSS. ### Details The vulnerable line is here: https://github.com/jaegertracing/jaeger-ui/blob/main/packages/jaeger-ui/src/components/TracePage/TraceTimelineViewer/SpanDetail/KeyValuesTable.tsx#L49 ### PoC 1. Start a Jaeger UI 2. Save the following trace as a file: ```json { "data": [ { "traceID": "076ef819cc06c45a", "spans": [ { "traceID": "076ef819cc06c45a", "spanID": "076ef819cc06c45a", "flags": 1, "operationName": "and open 'attributes'", "references": [], "startTime": 1678196149232010, ...

# Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege (EoP) and code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/263 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.8 or earlier. * Any .NET 6.0 application running on .NET 6.0.19 or earlier. If your applicati...