Source
ghsa
### Impact A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the `pimcore_log` parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: - Overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. - Tamper with system settings by modifying key files, such as the hosts file in Windows or configuration files for other services. - Cause a denial of service (DoS) if critical system files are overwritten or deleted. The consequences of exploiting this vulnerability can be detrimental to the confidentiality, integrity, and availability of the affected system. It's crucial to address this vulnerability to protect sensitive data and ensure the proper functioning of the system. ### Patches Update to version 10.5.22 or apply this patch manually https:/...
### Impact In 4.18.0, the network handling of inventories was completely revamped. Due to this, a bug was introduced which allowed players to request that the server drop more of an item than they had available in their hotbar. This did not lead to any duplication issues, but instead led to a server crash, and is believed to have been exploited in the wild. ### Patches This was fixed in 58974765a68f63a9968a7ff3a06f584ff2ee08d2, which was released in 4.18.1. ### Workarounds Handle `InventoryTransactionPacket` in `DataPacketReceiveEvent`, and verify that the item count dropped isn't more than the available item count. However, it's complicated to do this, so it's not recommended.
### Impact An attacker could crash the server by sending malformed JWT JSON in `LoginPacket` due to a security vulnerability in [`netresearch/jsonmapper`](https://github.com/cweiske/JsonMapper), due to improper checking for mapping JSON arrays and objects onto scalar model properties such as strings. ### Patches The problem was fixed in a fork of JsonMapper in dktapps/JsonMapper@a31902a31f5b6fdb832f57c0e3a3f16a3b41c012. PocketMine-MP releases 4.20.5 and 4.21.1 have been released with the fix. ### Workarounds - Users of PocketMine-MP source installations may manually install the patched version of JsonMapper by backporting commit pmmp/PocketMine-MP@09668a37d66c6023685a948b7550c918620e98f2. - A plugin may also be able to workaround this issue by using `DataPacketReceiveEvent` to attempt detection of suspicious payloads. An `ErrorException` will be thrown in the crash case, which can be caught by plugins. ### References cweiske/jsonmapper#210
### Impact A new user can privilege escalation to admin role which least config ### Patches Update to version 10.5.23 or apply this patches manually https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a.patch ### References https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1/
An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0; users should upgrade to this version. The vulnerability was discovered by the [Oxeye research](https://www.oxeye.io/) team.
The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution.
### Impact #### Description: JStachio fails to escape single quotes `'` in HTML, allowing an attacker to inject malicious code. #### Reproduction Steps: Use the following template code: ```html <div attr='{{value}}'></div> ``` Set the value variable to `' onblur='alert(1)`. ```java public class Escaping { public static void main(String[] args) { Model model = new Model("' onblur='alert(1)"); String result = AttributeTemplate.of().execute(model); System.out.println(result); } @JStache(template = "<div attr='{{value}}'></div>", name="AttributeTemplate") @JStacheConfig(contentType= Html.class) public static class Model { public final String value; public Model(String value) { this.value = value; } public String getValue() { return value; } } } ``` Expected Result: The resulting output should have properly escaped the single quotes and not execute the inject...
### Impact This vulnerability affects the [`ibc-go` package for those running full nodes, dubbed "Huckleberry"](https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731). According to their advisory: > This issue is low-severity in general, and it has a low impact and likelihood of exploitation. Depending on how a full node is architected, this issue could potentially yield a high or critical severity vulnerability. There is no vulnerability in the DID/resource modules for cheqd-node. ### Patches Node operators are requested to upgrade to [cheqd-node v1.4.2](https://github.com/cheqd/cheqd-node/releases/tag/v1.4.2). This is a non-state breaking release, and does not require a coordinated upgrade across all node operators. ### Workarounds No. Node operators are recommended to upgrade to the latest release version. ### References - ["Huckleberry" IBC security advisory](https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731) - [`ibc-go` v6.1.1 release not...
### Impact In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs as resources pending deletion were being consciously exempted by Kyverno, as a way to reduce processing load as policies are typically not applied to objects which are being deleted. However, this could potentially result in allowing a malicious user to leverage the [Kubernetes finalizers feature](https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/) by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then not completing the delete operation as a way to explicitly to bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to byp...
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).