Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-9w2p-rh8c-v9g5: Local Privilege Escalation in Windows

### Impact A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: * The user runs an application containing either `matplotlib` or `win32com`. * The application is ran as administrator (or at least a user with higher privileges than the attacker). * The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). * Either: - The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between [`shutil.rmtree()`'s builtin symlink check](https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623) and the deletion itself - The application was built with Python 3.7.x or earl...

ghsa
#vulnerability#windows#git
GHSA-6p62-6cg9-f5f5: Memory exhaustion in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12.

GHSA-99jv-8292-2hpm: eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations

### Impact The eventing-gitlab cluster-local server doesn't set `ReadHeaderTimeout`‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬ ‭attack. ### Patches Fix in `v1.12.1` and `v1.11.3`. ### Credits The vulnerability was reported by Ada Logics during an ongoing security audit of Knative involving Ada Logics, the Knative maintainers, OSTIF and CNCF.

GHSA-7443-5962-wp4r: Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.

GHSA-rwf3-w4jq-f4cm: Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

GHSA-2xcj-557c-hf8r: Cross-site Scripting in evershop

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

GHSA-4wrm-qmq2-5fjx: Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.

GHSA-j4g3-3q8x-jxqp: dbt-core's secret env vars written to package-lock.json in plaintext

### Impact When used to pull source code from a private repository using a Personal Access Token (PAT), some versions of dbt-core write a URL with the PAT in plaintext to the `package-lock.yml` file. ### Patches The bug has been fixed in [dbt-core v1.7.3](https://github.com/dbt-labs/dbt-core/releases/tag/v1.7.3). ### Mitigations Remove any git URLs with plaintext secrets from `package-lock.yml` file(s) on servers, workstations, or in source control. Rotate any tokens that have been written to version-controlled files.

GHSA-m42v-qv3c-h6j7: Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

GHSA-f2w8-4m48-5qrq: Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.