ghsa

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine. ### Patches * Any .NET 6.0 application running on .NET 6.0.2 or lower * Any .NET 5.0 application running on .NET 5.0.14 or lower * Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower To fix the issue, please install the latest version of .NET 6.0, .NET 5.0, or .NET Core 3.1. If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs. * If you're using .NET 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.103 (for Visual Studio 2019 v17.0) or SDK 6...

### TL;DR This vulnerability affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be exploited for targeted attacks because the attack does not scale to brute force. ---- ### Introduction User enumeration is a type of vulnerability that allows attackers to confirm which users are registered in a Kirby installation. This information can be abused for social engineering attacks against users of the site or to find out the organizational structure of the company. User enumeration attacks are performed by entering an existing and a non-existing user into the email address field of the login form. If the system returns a different response or behaves differently depending on whether the user exists, the attacker can enter unknown email addresses and use the different behavior as a clue for the (non-)existing user. ### Impact Kirby comes with a built-in brute force protection. By default, it will prevent further login attemp...

### TL;DR This vulnerability only affects you if you are using the `code` or `password-reset` auth method with the `auth.methods` option. It can only be successfully exploited under server configuration conditions outside of the attacker's control. ---- ### Introduction User enumeration is a type of vulnerability that allows attackers to confirm which users are registered in a Kirby installation. This information can be abused for social engineering attacks against users of the site or to find out the organizational structure of the company. User enumeration attacks are performed by entering an existing and a non-existing user into the email address field of the login form. If the system returns a different response or behaves differently depending on whether the user exists, the attacker can enter unknown email addresses and use the different behavior as a clue for the (non-)existing user. ### Impact Under normal circumstances, entering an invalid email address results in a "fa...

### Impact The admin and monitor user groups need to be authenticated by username and password. If we delete the X-Requested-With: XMLHttpRequest field in the request header,the authentication will be bypassed. ### Patches https://github.com/brockercap/Bifrost/pull/201 ### Workarounds Upgrade to the latest version

### Impact Shipping rule edit page is vulnerable to cross site scripting (XSS) payload added to UPS Surcharge field. The attacker should have permission to create or edit a shipping rule.

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the `StaticAnalyzer/views.py` script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.

### Summary Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to [v2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3) from v2.9.14. libxml2 v2.10.3 addresses the following known vulnerabilities: - [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309) - [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304) - [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303) Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.9`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements. ### Mitigation Upgrade to Nokogiri `>= 1.13.9`. Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.3` which w...

### Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected.  In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, MysqlConfiguration class don't filter any parameters, directly concat user input. ```java @Getter @Setter public class MysqlConfiguration extends JdbcConfiguration { private String driver = "com.mysql.jdbc.Driver"; private String extraParams = "characterEncoding=UTF-8&connectTimeout=5000&useSSL=false&allowPublicKeyRetrieval=true&zeroDateTimeBehavior=convertToNull"; public String getJdbc() { if(StringUtils.isEmpty(extraParams.trim())){ return "jdbc:mysql://HOSTNAME:PORT/DATABASE" .replace("HOSTNAME", getHost().trim()) .replace("PORT", get...

### Impact This vulnerability affects IBC transfers due to a security vulnerability dubbed "Dragonberry" upstream in [Cosmos SDK](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.9). The vulnerability could allow malicious attackers to compromise chain-to-chain IBC transfers. There is no vulnerability in the DID/resource modules for cheqd-node. ### Patches Node operators are requested to upgrade to [cheqd-node v0.6.9](https://github.com/cheqd/cheqd-node/releases/tag/0.6.9) as soon as possible. Installation instructions are in the release notes. Please do not install any beta/pre-release versions. ### Workarounds No. The patch takes effect when more than 2/3rds of the voting power of the cheqd network has upgraded to this patch. An emergency hotfix was released previously under v0.6.8 but this is now deprecated since [Cosmos SDK v0.45.9](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.9) officially fixes this upstream. ### References - [IBC Security Advisory on "Drag...

#### Impact `@keystone-6/[email protected] || 2.3.0` users who are using the `multiselect` field, and provided field-level access control - are vulnerable to their field-level access control not being used. List-level access control is **NOT** affected. Field-level access control for fields other than `multiselect` are **NOT** affected. Example, **you are vulnerable if** you are using field-level access control on a `multiselect` like the following: ```ts const yourList = list({ access: { // this is list-level access control, this is NOT impacted }, fields: { yourFieldName: multiselect({ // this is field-level access control, for multiselect fields // this is vulnerable access: { create: ({ session }) => session?.data.isAdmin, update: ({ session }) => session?.data.isAdmin, }, options: [ { value: 'apples', label: 'Apples' }, { value: 'oranges', label: 'Oranges' }, ], // ... }), // ... }, ...