ghsa

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0.

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method.

OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.

## Overview We have identified and addressed a security issue in the Nuclei project that affected users utilizing Nuclei as **Go code (SDK)** running **custom templates**. This issue did not affect CLI users. The problem was related to sanitization issues with payloads loading in `sandbox` mode. ## Details In the previous versions, there was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in the latest release, v2.9.9. We have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been **deprecated** and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network acces...

### Impact It is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. ### Patches Versions 1.0.1 and above are patched. ### Workarounds There are no robust workarounds to the bug. You can disable dynamic channels in the config to disable the most common execution method but others may exist. It is highly recommended to upgrade the bridge. ### Credits Discovered and reported by [Val Lorentz](https://valentin-lorentz.fr/). ### For more information If you have any questions or comments about this advisory email us at [[email protected]](mailto:[email protected]).

### Impact A malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. ### Details The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. ### Workarounds Disable the provisioning API. If the bridge does not use the provisioning API, you are not vulnerable.

### Impact It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. ### Patches Please upgrade to 1.0.1. ### Workarounds You can set the `matrixHandler.eventCacheSize` config value to `0` to workaround this bug. However, this may impact performance. ### Credits Discovered and reported by [Val Lorentz](https://valentin-lorentz.fr/). ### For more information If you have any questions or comments about this advisory email us at [[email protected]](mailto:[email protected]).

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.

# GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-044` The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [Aerospike Java Client](https://github.com/aerospike/aerospike-client-java/). We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively coordinate a resolution of this issue with the GHSL team. If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `[email protected]` (please include `GHSL-2023-044` as a reference). If you are _NOT_ the correct point of contact for this report, please let us know! ## Summary The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further valida...

### Impact _What kind of vulnerability is it? Who is impacted?_ Anyone who might have used Soketi with the `cluster` driver (or through PM2). ### Patches _Has the problem been patched? What versions should users upgrade to?_ Get the latest version of Soketi. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ None. It's advised to upgrade to the latest version. ### References _Are there any links users can visit to find out more?_ - https://github.com/advisories/GHSA-cchq-frgv-rjh5 - https://github.com/patriksimek/vm2/issues/533 - https://github.com/Unitech/pm2/issues/5643