Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-hfmg-g39c-5444: pimcore is vulnerable to cross-site scripting in translate module

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14732.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14732.patch manually. ### References https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f/

ghsa
Open in Source
#xss#vulnerability#git#auth
GHSA-hv5j-3h9f-99c2: Ruby URI component ReDoS issue

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

GHSA-fg7x-g82r-94qc: Ruby Time component ReDos issue

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

GHSA-gvg8-r8w2-9gfj: phpMyFAQ Improper Input Validation vulnerability

Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-4wfc-ghv5-2v7j: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-4p4m-5qp7-479x: phpMyFAQ has Weak Password Requirements

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-7q9c-f2v8-j8gw: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-hp8m-g55r-9cfq: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-6cpg-gqgq-2rrr: phpMyFAQ Code Injection vulnerability

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-m875-3xf6-mf78: unpoly-rails Denial of Service vulnerability

There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the [Unpoly server protocol](https://unpoly.com/up.protocol) for Rails applications. ### Impact This issues affects Rails applications that operate as an upstream of a load balancer's that uses [passive health checks](https://docs.nginx.com/nginx/admin-guide/load-balancer/http-health-check/#passive-health-checks). The [unpoly-rails](https://github.com/unpoly/unpoly-rails/) gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an activ...