GHSA-m8rw-rcpq-2vp2: Improper Privilege Management in github.com/sap/cloud-security-client-go

### Impact
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) allows, under certain conditions, an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches
Upgrade to patched version >= 0.17.0. We always recommend upgrading to the latest released version.

### Workarounds
No workarounds.

### References
https://www.cve.org/CVERecord?id=CVE-2023-50424

GHSA-59c9-pxq8-9c73: Improper JWT Signature Validation in SAP Security Services Library

### Impact
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) allows, under certain conditions, an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

### Patches
Upgrade to patched version >= 2.17.0 or >= 3.3.0. We always recommend upgrading to the latest released version.

### Workarounds
No workarounds.

### References
https://www.cve.org/CVERecord?id=CVE-2023-50422

GHSA-4mq4-7rw3-vm5j: Filesystem sandbox not enforced

### Summary
As of Wasmer version v4.2.3, Wasm programs can access the filesystem outside of the sandbox.

### Details
https://github.com/wasmerio/wasmer/issues/4267

### PoC
A minimal Rust program:

```rust
fn main() {
    // Creates a new file named "abc" in the current working directory;
    // with an enforced sandbox this call should fail when no --dir was granted.
    let _f = std::fs::OpenOptions::new()
        .write(true)
        .create_new(true)
        .open("abc")
        .unwrap();
}
```

This should be compiled with `cargo build --target wasm32-wasi`. The compiled program, when run with wasmer WITHOUT `--dir`, can still create a file in the working directory.

### Impact
Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem.

GHSA-ff5x-7qg5-vwf2: Denial of service caused by infinite recursion when parsing SVG document

### Summary
When parsing the attributes passed to a `use` tag inside an SVG document, we can cause the system to go into infinite recursion. Depending on the system configuration and attack pattern, this could exhaust the memory available to the executing process and/or to the server itself.

### Details
Inside `Svg\Tag\UseTag::before`, php-svg-lib parses the attributes passed to a `use` tag inside an SVG document. When it finds a `href` or `xlink:href`, it will try to retrieve the object representing this tag:

```php
$link = $attributes["href"] ?? $attributes["xlink:href"];
$this->reference = $document->getDef($link);

if ($this->reference) {
    $this->reference->before($attributes);
}
```

`$document->getDef` is implemented as follows:

```php
public function getDef($id)
{
    $id = ltrim($id, "#");

    return isset($this->defs[$id]) ? $this->defs[$id] : null;
}
```

_Note:_ the `$id` in the above method is actually the _link_ being used in the `use` tag. This part is important, because thi...

GHSA-6xmx-85x3-4cv2: Stored XSS via SVG File Upload

#### Impact
A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user into loading the media directly in a browser, the scripts can be executed.

#### Workaround
Implement the server-side file validation (https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation), or serve all media from a different host (e.g. a CDN) than the one where Umbraco is hosted.

GHSA-7x74-h8cw-qhxq: Brute force exploit can be used to collect valid usernames

#### Impact
A brute force exploit that can be used to collect valid usernames is possible.

GHSA-8qp8-9rpw-j46c: SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.

#### Impact
A user enumeration attack is possible when SMTP is not set up correctly but password reset is enabled.

GHSA-cfr5-7p54-4qg8: Privilege Escalation using Spoofing

#### Impact
Users with low privileges (Editor, etc.) are able to access some unintended endpoints.

GHSA-6324-52pr-h4p5: Using the directory back payload (“/../”) in a package name allows placement of package in other folders.

#### Impact
Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.

GHSA-v98m-398x-269r: DOM-XSS on Backoffice login screen.

#### Impact
Cross-site scripting (XSS) enables attackers to bring malicious content into a website or application.