Source
ghsa
### Impact

In the back office, files can be compromised via path traversal by replaying the import file deletion query with a specified file path that uses path traversal.

### Patches

8.1.1

### Found by

Aleksey Solovev (Positive Technologies)

### Workarounds

none

### References

none

### Impact

SQL injection is possible in the product search field on the BO's product page.

### Patches

8.1.1

### Found by

Aleksey Solovev (Positive Technologies)

### Workarounds

none

### References

none

### Impact

In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions.

A specific set of conditions is required to result in misbehavior of affected contracts, specifically:

- A `.vy` contract compiled with either of the following `vyper` versions: `0.2.15`, `0.2.16`, `0.3.0`
- A primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates)
- A secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function

### Patches

https://github.com/vyperlang/vyper/pull/2439, https://github.com/vyperlang/vyper/pull/2514

### Workarounds

Upgrade to 0.3.1 or higher

### Refe...

### Impact

A malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step.

To prevent this attack, go-libp2p now restricts RSA keys to <= 8192 bits.

### Patches

Users should upgrade their go-libp2p versions to >=v0.27.8, >= v0.28.2, or >=v0.29.1

To protect your application, it's necessary to update to these patch releases **AND** to use the updated Go compiler (1.20.7 or 1.19.12, respectively)

### Workarounds

There are no known workarounds

### References

The Golang crypto/tls package also had this vulnerability ("verifying certificate chains containing large RSA keys is slow" https://github.com/golang/go/issues/61460)

Fix in golang/go crypto/tls: https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017

Fix in quic-go htt...

### Impact

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.

### Patches

The problem has been patched and released as v1.1.1

### Workarounds

No workarounds exist.

# Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability

## <a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists when some dotnet commands are used in directories with weaker permissions which can result in remote code execution.

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/266

### <a name="mitigation-factors"></a>Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## <a name="affected-software"></a>Affected software

* Any .NET 7.0.1xx SDK 7.0.109 or earlier.
* Any .NET 7.0.3xx SDK 7.0.306 or earlier.
* Any .NET 6.0.1xx SDK 6.0.120 or earlier.
* Any .NET 6.0.3xx SDK 6.0.315 or earlier.
* A...

# Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability

## <a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET Kestrel where a malicious client can bypass QUIC stream limit in HTTP/3 in both ASP.NET and .NET runtimes resulting in denial of service.

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/268

### <a name="mitigation-factors"></a>Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## <a name="affected-software"></a>Affected software

* Any .NET 7.0 application running on .NET 7.0.9 or earlier.

If your application uses the following package versions, ensure you update to the latest version of ....

# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability

## <a name="executive-summary"></a>Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service.

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269

### <a name="mitigation-factors"></a>Mitigation factors

If your application is running behind a reverse proxy or Web Application Firewall that has its own mitigations against HTTP-based attacks, this issue may be mitigated by the proxy or WAF.

## <a name="affected-software"></a>Affected software

* Any .NET 7.0 applicat...

### Impact

Angular Universal applications on 16.1.0 and 16.1.1 using critical CSS inlining are vulnerable to a [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) attack where an attacker can trick another user into visiting a page which injects malicious JavaScript.

Angular CLI applications without Universal do perform critical CSS inlining as well, however exploiting this requires a malicious actor to already have access to modify source code directly.

### Patches

`@nguniversal/common` should be upgraded to 16.1.2 or higher. 16.2.0-rc.0 is safe.

### Workarounds

The easiest solution is likely to upgrade Universal to 16.1.2 or downgrade to 16.0.x or lower. Alternatively you can [override](https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides) specifically the `critters` dependency with version `0.0.20` in your `package.json`.

```json
{
  "overrides": {
    "critters": "0.0.20"
  }
}
```

### References

* [Angular Blog Post](https://blog.angula...

### Impact

An attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests.

There is no evidence that the issue was exploited on https://sentry.io. For self-hosted users, it is advised to rotate user auth tokens via `https://your-self-hosted-sentry-installation/settings/account/api/auth-tokens/`.

### Patches

The issue was fixed in https://github.com/getsentry/sentry/pull/53850 and is available in the release 23.7.2 of [sentry](https://github.com/getsentry/sentry/releases/tag/23.7.2) and [self-hosted](https://github.com/getsentry/self-hosted/releases/tag/23.7.2).

### Workarounds

There are no known workarounds.