GHSA-6g43-88cp-w5gv: Prototype pollution in matrix-react-sdk

### Impact

In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic.

(This is part 2, where [CVE-2022-36060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36060) / [GHSA-2x9c-qwgf-94xr](https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-2x9c-qwgf-94xr) is part 1. Part 2 covers remaining vectors not covered by part 1, found in a codebase audit scheduled after part 1.)

### Patches

This is fixed in matrix-react-sdk 3.69.0

### Workarounds

None.

### References

- [Release blog post](https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0)
- The advisory [GHSA-2x9c-qwgf-94xr](https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-2x9c-qwgf-94xr) ([CVE-2022-36060](https://cve.mitre.org/cgi-bin/cv...

GHSA-7j98-h7fp-4vwj: smarty Cross-site Scripting vulnerability in Javascript escaping

### Impact

An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user.

### Patches

Please upgrade to the most recent version of Smarty v3 or v4.

### For more information

If you have any questions or comments about this advisory please open an issue in [the Smarty repo](https://github.com/smarty-php/smarty)

GHSA-rp78-4562-gx3c: pimcore is vulnerable to cross-site scripting in translate module

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-3r5c-h7g6-cqw7: pimcore is vulnerable to cross-site scripting in classes module

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-69fc-v223-6rjw: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-6mmf-qm37-pmgg: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.

GHSA-2x9c-qwgf-94xr: matrix-react-sdk Prototype pollution vulnerability

### Impact

Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered.

### Patches

This is fixed in matrix-react-sdk 3.53.0

### Workarounds

There are no workarounds. Please upgrade immediately.

### References

https://learn.snyk.io/lessons/prototype-pollution/javascript/

### For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

GHSA-rfv9-x7hh-xc32: matrix-js-sdk Prototype Pollution vulnerability

### Impact

Events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.

### Patches

This is fixed in matrix-js-sdk 19.4.0.

### Workarounds

Redacting applicable events, waiting for the sync processor to store data, and restarting the client can often fix it. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.

### References

https://learn.snyk.io/lessons/prototype-pollution/javascript/

### For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

GHSA-5r3x-p7xx-x6q5: Comrak AST node data is not validated (GHSL-2023-049)

### Impact

A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins`. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST nodes contain `[u8]` fields which the formatting code assumes are valid UTF-8 data. Several bugs can be triggered if this is not the case.

### Patches

0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays.

### Workarounds

* Validate UTF-8 correctness of all data when assigning to `&[u8]` and `Vec<u8>` fields in the AST.

### References

n/a

GHSA-xxmq-4vph-956w: Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)

### Impact

comrak is vulnerable to the upstream cmark issue, ["Issue revealed by fuzzer"](https://github.com/commonmark/cmark/issues/354). A large number of references in a markdown document can trigger an overly large response.

### Patches

0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits reference output to a 100Kb maximum.

### Workarounds

n/a

### References

* https://github.com/commonmark/cmark/issues/354