Security Headlines: Latest CVEs

Source: ghsa
GHSA-2w8w-qhg4-f78j: A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries

Related UI vulnerability advisory: https://github.com/jaegertracing/jaeger-ui/security/advisories/GHSA-vv24-rm95-q56r

### Summary

Jaeger UI uses the `json-markup` dependency to display span attributes and resources. This dependency does not sanitise the keys of an object, so the `KeyValuesTable` component is vulnerable to XSS.

### Details

The vulnerable line is here: https://github.com/jaegertracing/jaeger-ui/blob/main/packages/jaeger-ui/src/components/TracePage/TraceTimelineViewer/SpanDetail/KeyValuesTable.tsx#L49

### PoC

1. Start a Jaeger UI
2. Save the following trace as a file:

```json
{ "data": [ { "traceID": "076ef819cc06c45a", "spans": [ { "traceID": "076ef819cc06c45a", "spanID": "076ef819cc06c45a", "flags": 1, "operationName": "and open 'attributes'", "references": [], "startTime": 1678196149232010, ...
```

GHSA-485r-rp8v-998v: Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability

## <a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege (EoP) and code execution.

## Announcement

The announcement for this issue can be found at https://github.com/dotnet/announcements/issues/263

### <a name="mitigation-factors"></a>Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## <a name="affected-software"></a>Affected software

* Any .NET 7.0 application running on .NET 7.0.8 or earlier.
* Any .NET 6.0 application running on .NET 6.0.19 or earlier.

If your applicati...

GHSA-25c8-p796-jg6r: Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

## <a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in ASP.NET Core applications where the account lockout maximum failed attempts counter may not be updated immediately, allowing an attacker to try more passwords than the lockout policy permits.

## Discussion

Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334

### <a name="mitigation-factors"></a>Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## <a name="affected-software"></a>Affected software

* Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier.
* Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier.
* Any ASP.N...

GHSA-f44m-65h3-99vc: tarteaucitron.js vulnerable to Cross-site Scripting

Stored Cross-site Scripting (XSS) in the GitHub repository amauric/tarteaucitron.js prior to v1.13.1.

GHSA-jx3q-5rgf-vrrr: xalpha vulnerable to Remote Code Execution

xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).

GHSA-8c6x-g4fw-8rf4: Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.

### Impact

A Cross-Site Scripting (XSS) vulnerability was found in the HTML output of chats. XSS is intended to be mitigated by Jinja's escape function; however, `autoescape=True` was missing when setting up the environment. Although the actual impact is low, considering the HTML file is viewed offline, an adversary may still be able to inject malicious payloads into the chat through WhatsApp. All users are affected.

### Patches

The vulnerability is patched in 0.9.5. All users are strongly advised to update the exporter to the latest version.

### Workarounds

No workaround is available. Please update the exporter to the latest version.

### References

* https://github.com/KnugiHK/WhatsApp-Chat-Exporter/commit/bfdc68cd6ad53ceecf132773f9aaba50dd80fe79
* https://owasp.org/www-community/attacks/xss/

GHSA-q9w4-w667-qqj4: ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor

### Problem

It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode.

### Solution

Update to version 1.17.11 of the `ckeditor-wordcount-plugin` plugin.

### Credits

* @sypets for reporting this finding to the TYPO3 Security Team
* @ohader for fixing the issue on behalf of the TYPO3 Security Team

GHSA-vx35-f379-4q49: Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller

### Impact

The product performs authorization checks incorrectly when an unauthorized actor tries to access a resource or perform an action. The attacker can view rules and freely add, modify, or delete them.

### Patches

Update to version 3.4.1 or apply this patch manually: https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch

### Workarounds

Apply https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45.patch manually.

### References

https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6/

GHSA-wqc8-x2pr-7jqh: RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape

### Impact

RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that obtains the current stack frame in a generator and then walks the stack beyond the RestrictedPython invocation boundary. This breaks out of the restricted scope, allows calling unrestricted Python code, and therefore potentially allows arbitrary code execution in the Python interpreter.

All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this means deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extr...

GHSA-6xxr-648m-gch6: XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

### Impact

The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types. These can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions, but as of March 2023 these are not enabled by default in Firefox and Safari.

### Patches

The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks.

### Workarounds

It is possible to check for the `Origin` header in a reverse proxy to protect the REST endpoint from CSRF attacks, see [the Jira issue](https://jira.xwiki.org/b...