Security Headlines: Latest CVEs

Source: ghsa
GHSA-vcvg-g8p2-3hqr: Cross-site Scripting in Backdrop CMS

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

GHSA-rp7f-fhm8-9hpf: Account Takeover Through Password Reset Poisoning

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

GHSA-7wqf-h36w-47mc: OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.

GHSA-45r6-j3cc-6mxx: OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed.

GHSA-rmf2-pwfq-h75j: OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.

GHSA-cm43-f2pv-6v68: OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed.

GHSA-gpv5-rp6w-58r8: Remote code execution vulnerability in dependency System.Drawing.Common

### Impact

The core Akka module depended on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Drawing.Common v4.7.0. System.Drawing.Common v4.7.0 is affected by a remote code execution vulnerability, https://github.com/advisories/GHSA-ghhp-997w-qr28. The real-world impact of this should be low, but users should be advised to upgrade to later versions of Akka.NET.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

This issue is resolved in Akka.NET v1.4.46 and Akka.NET v1.5.0-alpha3.

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

You might be able to explicitly reference System.Configuration.ConfigurationManager's NuGet package and upgrade to 6.0.1 or later without upgrading Akka.NET, but it's probably best to upgrade Akka.NET itself.

### References

_Are there any links users can visit to find out more?_

Original issue: https://github.com/akka...

GHSA-8w5g-3wcv-9g2j: Tensorflow vulnerable to Out-of-Bounds Read

### Impact

When the [`BaseCandidateSamplerOp`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/candidate_sampler_ops.cc) function receives a value in `true_classes` larger than `range_max`, a heap out-of-bounds (OOB) read occurs.

```python
tf.raw_ops.ThreadUnsafeUnigramCandidateSampler(
    true_classes=[[0x100000, 1]],
    num_true=2,
    num_sampled=2,
    unique=False,
    range_max=2,
    seed=2,
    seed2=2)
```

### Patches

We have patched the issue in GitHub commit [b389f5c944cadfdfe599b3f1e4026e036f30d2d4](https://github.com/tensorflow/tensorflow/commit/b389f5c944cadfdfe599b3f1e4026e036f30d2d4). The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security m...

GHSA-66jf-xm2m-7m8r: Stored XSS in Compare Mode

A malicious content author could add a JavaScript payload to a page's meta description and get it executed in the versioned history compare view. Exploiting this vulnerability requires access to the CMS. The attacker must then convince a privileged user to access the version history for that page.

GHSA-rr8h-f97q-8p9c: Blind SQL Injection via GridFieldSortableHeader

GridField state is vulnerable to SQL injection. The vast majority of GridFields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state.