Source
ghsa
### Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: * The user runs an application containing either `matplotlib` or `win32com`. * The application is ran as administrator (or at least a user with higher privileges than the attacker). * The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). * Either: - The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between [`shutil.rmtree()`'s builtin symlink check](https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623) and the deletion itself - The application was built with Python 3.7.x or earl...
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.
### Impact The eventing-gitlab cluster-local server doesn't set `ReadHeaderTimeout` which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris attack. ### Patches Fix in `v1.12.1` and `v1.11.3`. ### Credits The vulnerability was reported by Ada Logics during an ongoing security audit of Knative involving Ada Logics, the Knative maintainers, OSTIF and CNCF.
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.
### Impact When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the `package-lock.yml` file. ### Patches The bug has been fixed in [dbt-core v1.7.3](https://github.com/dbt-labs/dbt-core/releases/tag/v1.7.3). ### Mitigations Remove any git URLs with plaintext secrets from `package-lock.yml` file(s) on servers, workstations, or in source control. Rotate any tokens that have been written to version-controlled files.
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.