Source
ghsa
### Impact It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Impacted by this issue are Sulu installation >= 2.5.0 and <2.5.10 using the newer Symfony Security System which is default since Symfony 6.0 but can be enabled in Symfony 5.4. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. ### Patches The problem has been patched in version 2.5.10. ### Workarounds Create a custom AuthenticationFailureHandler which does not return the `$exception->getMessage();` instead the `$exception->getMessageKey();` ### References Currently no references.
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.
### Impact [RFC 9112 Section 7.1](https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding) defined the format of chunk size, chunk data and chunk extension (detailed ABNF is in Appendix section). In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data using CRLF. - The chunk extension shouldn't contain any invisible character. However, we found that Falcon has following behaviors while disobey the corresponding RFCs. - Falcon accepts Content-Length header values that have "+" prefix. - Falcon accepts Content-Length header values that written in hexadecimal with "0x" prefix. - Falcon accepts "0x" and "+" prefixed chunk size. - Falcon accepts LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially results in HTTP request smuggling and firewall bypassing. Note that while these issues were reproduced in Fa...
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. ### Impact An attacker with knowledge of this vulnerability could craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. ### Patches Users are encouraged to update their odoh-rs's rust crate to v1.0.2.
### Impact The Wrangler command line tool (<[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. ### Patches Upgrade to [email protected] or higher. ### References [Workers SDK on Github](https://github.com/cloudflare/workers-sdk) [Wrangler docs](https://developers.cloudflare.com/workers/wrangler/) [CVE-2023-3348](https://www.cve.org/CVERecord?id=CVE-2023-3348)
### Impact A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: Overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. Tamper with system settings by modifying key files, such as the hosts file in Windows or configuration files for other services. Cause a denial of service (DoS) if critical system files are overwritten or deleted. The consequences of exploiting this vulnerability can be detrimental to the confidentiality, integrity, and availability of the affected system. It's crucial to address this vulnerability to protect sensitive data and ensure the proper functioning of the system. ### Patches Update to version 10.6.7 or appl...
### Impact As HTML injection works in email an attacker can trick a victim to click on such hyperlinks to redirect him to any malicious site and also can host a XSS page. All this will surely cause some damage to the victim. This could lead to users being tricked into giving logins away to malicious attackers. ### Patches Update to version 3.4.2 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch ### Workarounds Apply https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch manually. ### References https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0/
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. This vulnerability has been assigned CVE-2023-38497. ## Overview In UNIX-like systems, each file has three sets of permissions: for the user owning the file, for the group owning the file, and for all other local users. The "[umask][1]" is configured on most systems to limit those permissions during file creation, removing dangerous ones. For example, the default umask on macOS and most Linux distributions only allow the user owning a file to write to it, preventing the group owning it or other local users from doing the same. When a dependency is downloaded by Cargo, its source code has to be extracted on disk to allow the Rust compiler to read as part of the build. To ...
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.