Source
ghsa
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
### Impact Keylime `registrar` is prone to a simple denial of service attack in which an adversary opens a connection to the TLS port (by default, port `8891`) blocking further, legitimate connections. As long as the connection is open, the `registrar` is blocked and cannot serve any further clients (`agents` and `tenants`), which prevents normal operation. The problem does not affect the `verifier`. ### Patches Users should upgrade to release 7.4.0
### Summary Found an issue: Call to requests with verify=False disabling SSL certificate checks, security issue. Make the impact and severity as straightforward as possible. This rule enforces always verifying SSL certificates for methods in the Requests library. Certificates are validated by default which is the desired behavior. Encryption in general is typically critical to the security of many applications. Using TLS can significantly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS. It is important to note that modules such as httplib within the Python standard library did not verify certificate chains until it was fixed in 2.7.9 release. ### Details Severity: Critical
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. ### References - https://nvd.nist.gov/vuln/detail/CVE-2022-40149 - https://github.com/jettison-json/jettison/issues/45 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538 - https://github.com/jettison-json/jettison/pull/49/files - https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1 - https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html - https://www.debian.org/security/2023/dsa-5312
### Description According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in the following GitHub repository: https://github.com/ensdomains/ens-contracts/blob/master/contracts/ethregistrar/BaseRegistrarImplementation.sol#L171 The vulnerable line of code is: ``` require( expiries[id] + duration + GRACE_PERIOD > duration + GRACE_PERIOD ); // Prevent future overflow ``` In this code snippet, the `duration` variable is user-supplied, making it possible to provide a value that would cause an overflow on both sides of the '>' expression, ultimately rendering the condition true. Specifically, when the dur...
### Summary It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. ### Details The TAR format is an append-only archive format, and as such, the specification for how to update a file is to add a new record to the end with the updated version of the file. This means that it is completely valid for an archive to contain multiple copies of, say, `package.json`, and the expected behavior when extracting is that all versions other than the last get ignored. This is further complicated by that during tarball extraction, all package managers are configured to drop the first path component, so collisions can be created simply by using multiple root folders in the archive, even without performing updates. When pnpm extracts a tar archive via tar-stream, it appears to extract only the _first_ file of a given name and discards all subsequent files with the same name. ...
### Impact It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example: ```js cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs') ``` The above will create an `ignore-relative-dirs.png` three levels up ### Patches Fixed in `8.0.2` ### Workarounds Validate all the existing uses of `matchImageSnapshot` to ensure correct use of the filename argument. Example: ```js // snapshot name will be the test title cy.matchImageSnapshot(); // snapshot name will be the name passed in cy.matchImageSnapshot('login'); ``` ### References https://github.com/simonsmith/cypress-image-snapshot/issues/15
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the `cfg_id` parameter in `/ajax/openvpn/activate_ovpncfg.php` and `/ajax/openvpn/del_ovpncfg.php`.