GHSA-rp78-4562-gx3c: pimcore is vulnerable to cross-site scripting in translate module

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-3r5c-h7g6-cqw7: pimcore is vulnerable to cross-site scripting in classes module

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-69fc-v223-6rjw: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-6mmf-qm37-pmgg: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-2x9c-qwgf-94xr: matrix-react-sdk Prototype pollution vulnerability

### Impact

Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.

### Patches

This is fixed in matrix-react-sdk 3.53.0.

### Workarounds

There are no workarounds. Please upgrade immediately.

### References

https://learn.snyk.io/lessons/prototype-pollution/javascript/

### For more information

If you have any questions or comments about this advisory please email us at [security at matrix.org](mailto:security@matrix.org).

GHSA-rfv9-x7hh-xc32: matrix-js-sdk Prototype Pollution vulnerability

### Impact

Events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.

### Patches

This is fixed in matrix-js-sdk 19.4.0.

### Workarounds

Redacting applicable events, waiting for the sync processor to store data, and restarting the client can often fix it. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.

### References

https://learn.snyk.io/lessons/prototype-pollution/javascript/

### For more information

If you have any questions or comments about this advisory please email us at [security at matrix.org](mailto:security@matrix.org).

GHSA-5r3x-p7xx-x6q5: Comrak AST node data is not validated (GHSL-2023-049)

### Impact

A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins`. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST nodes contain `[u8]` fields which the formatting code assumes are valid UTF-8 data. Several bugs can be triggered if this is not the case.

### Patches

0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays.

### Workarounds

* Validate UTF-8 correctness of all data when assigning to `&[u8]` and `Vec<u8>` fields in the AST.

### References

n/a

GHSA-xxmq-4vph-956w: Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)

### Impact

comrak is vulnerable to the upstream cmark issue, ["Issue revealed by fuzzer"](https://github.com/commonmark/cmark/issues/354). A large number of references in a markdown document can trigger an overly large response.

### Patches

0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits reference output to a 100Kb maximum.

### Workarounds

n/a

### References

* https://github.com/commonmark/cmark/issues/354

GHSA-8hqf-xjwp-p67v: Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)

### Impact

A range of quadratic parsing issues from `cmark`/`cmark-gfm` are also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown.

### Patches

0.17.0 contains fixes to known quadratic parsing issues.

### Workarounds

n/a

### References

* https://github.com/commonmark/cmark/issues/255
* https://github.com/commonmark/cmark/issues/389
* https://github.com/commonmark/cmark/issues/373
* https://github.com/commonmark/cmark/issues/299
* https://github.com/commonmark/cmark/issues/388
* https://github.com/commonmark/cmark/issues/284
* https://github.com/commonmark/cmark/issues/218
* https://github.com/commonmark/cmark/pull/232
* https://github.com/github/cmark-gfm/blob/c32ef78bae851cb83b7ad52d0fbff880acdcd44a/test/pathological_tests.py#L63-L65
* https://github.com/github/cmark-gfm/blob/c32ef78bae851cb83b7ad52d0fbff880acdcd44a/test/pathological_tests.py#L87-L89

GHSA-7phw-cxx7-q9vq: Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

In Spring Framework versions 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25, using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.