Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-2r7v-cmch-5x26: muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference

### Impact The package muhammara before 2.6.2, from 3.0.0 and before 3.3.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. ### Patches It has been patched in 3.4.0 and has been backported to 2.6.2 There is no patch for hummus, currently ### Workarounds Do not process files from untrusted sources or update. Replace hummus with muhammara ### References https://github.com/julianhille/MuhammaraJS/pull/235 https://github.com/julianhille/MuhammaraJS/pull/238

ghsa
Open in Source
#vulnerability#dos#nodejs#js#git#pdf
GHSA-w66j-xc7r-m2jv: camel-ldap component allows LDAP Injection when using the filter option

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.

GHSA-x2jx-w3wm-9p3p: nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

GHSA-7249-8x22-4rg4: nadesiko3 vulnerable to OS Command Injection

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

GHSA-m8r5-7wf4-63mw: Nadesiko3 OS Command Injection vulnerability

OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The [JPCERT/CC](https://jvn.jp/en/jp/JVN56968681/index.html) advisory lists versions 3.3.68 and prior as vulnerable, and the most recent patch for this issue is tagged with version 3.3.69.

GHSA-q5j9-f95w-f4pr: TERASOLUNA Server Framework vulnerable to ClassLoader manipulation

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to ClassLoader manipulation due to using the old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application. When using TERASOLUNA Global Framework 1.0.0 (Public review version), update to TERASOLUNA Server Framework for Java 5.7.1.SP1 (using Spring Framework 5.3.18). This vulnerability alone can be addressed by updating to TERASOLUNA Global Framework 1.0.1 (using Spring Framework 3.2.10) or later.

GHSA-cgp8-4m63-fhh5: Apache Commons Net vulnerable to information leakage via malicious server

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.

GHSA-q7qq-9gx2-ggxv: phpxmlrpc vulnerable to argument injection

phpxmlrpc vulnerable to argument injection via local file access in `Client:send` via manipulation of `$protocol` argument.

GHSA-qv6c-367r-3w6q: XBlock vulnerable to Cross-Site Scripting (XSS)

### Impact XSS Vulnerability in multiple XBlock Fields. Any platform that has deployed the XBlock will be impacted. ### Patches https://github.com/openedx/xblock-drag-and-drop-v2/commit/53c4482f9bb6d8c7ccdf5253bd82c84a222b2492 The fix is compatible with all Open edX releases newer than Lilac. ### Workarounds None. ### References https://github.com/openedx/xblock-drag-and-drop-v2/pull/295#issuecomment-1277693864

GHSA-7rg2-cxvp-9p7p: Prometheus Exporter-Toolkit is vulnerable to authentication bypass

### Impact Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back. However, a flaw in the way this mechanism was implemented in the exporter toolkit makes it possible with people who know the hashed password to authenticate against Prometheus. A request can be forged by an attacker to poison the internal cache used to cache the computation of hashes and make subsequent requests successful. This cache is used in both happy and unhappy scenarios in order to limit side channel attacks that could tell an attacker if a user is present in the file or not. ### Patches The exporter-toolkit v0.7.3 and v0.8.2 have been released to address this issue. ### Workarounds There is no workaround but attacker must have access to the hashed password, stored in disk, to bypass the au...