Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-wg4w-5m5r-w3p8: OpenAPI Generator vulnerable to Server-Side Request Forgery

openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.

ghsa
Open in Source
#vulnerability#git#ssrf
GHSA-3hwm-922r-47hw: Stud42 vulnerable to denial of service

Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser.

GHSA-7r35-chv4-xr3r: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14721.patch manually. ### References https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256/

GHSA-6qjm-39vh-729w: Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### Workarounds Apply patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### References https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19

GHSA-hfmg-g39c-5444: pimcore is vulnerable to cross-site scripting in translate module

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14732.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14732.patch manually. ### References https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f/

GHSA-fg7x-g82r-94qc: Ruby Time component ReDos issue

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

GHSA-hv5j-3h9f-99c2: Ruby URI component ReDoS issue

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

GHSA-gvg8-r8w2-9gfj: phpMyFAQ Improper Input Validation vulnerability

Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-4wfc-ghv5-2v7j: phpMyFAQ Stored Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

GHSA-4p4m-5qp7-479x: phpMyFAQ has Weak Password Requirements

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.