Source
ghsa
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles.
In Apache Hive before 3.1.3, `CREATE` and `DROP` function operations do not check for the necessary authorization on the entities involved in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs, pointing them to new jars that could potentially be malicious.
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.
The package terser before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. NPM package [angular](https://www.npmjs.com/package/angular) is deprecated. Those who want to receive security updates should use the actively maintained package [@angular/core](https://www.npmjs.com/package/@angular/core).
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending messages of exactly 2000, 4000, or 6000 characters.
Versions of `distributed` earlier than `2021.10.0` had a potential security vulnerability relating to single-machine Dask clusters. Clusters started with `dask.distributed.LocalCluster` or `dask.distributed.Client()` (which defaults to using `LocalCluster`) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on `localhost`. A Dask cluster created using this method AND running on a machine that has these ports exposed could be used by a sophisticated attacker to enable remote code execution. Users running on machines with standard firewalls in place, or using clusters created via cluster objects other than `LocalCluster` (e.g. `dask_kubernetes.KubeCluster`) should not be affected. This vulnerability is documented in CVE-2021-42343, and was fixed in version `2021.10.0` (PR #5427).
### Impact

This vulnerability allows bypassing host policies for IPv6 traffic coming from a Cilium-managed pod and destined to the host-network namespace (e.g., to a host-network pod). Host policy enforcement on IPv4 or for traffic coming from outside the node is not affected. Cilium is only affected by this vulnerability if IPv4, IPv6, endpoint routes, and the host firewall are enabled. Note that endpoint routes are typically only enabled in GKE, EKS, AKS, and OpenShift; in those environments, IPv6 is typically disabled. Host firewall is disabled by default.

### Patches

The bug is fixed in versions v1.10.13 and v1.11.7 of Cilium.

### Workarounds

For affected users who can't upgrade, one potential workaround is to ensure all pods have network policies that prevent sending arbitrary traffic to the local node.

### References

N/A

### For more information

If you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/commun...
### Impact

This only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. Example:

```javascript
import cp from "node:child_process";
import * as shescape from "shescape";

// 1. Prerequisites: the shell the escaped value will be passed to.
// Only one `shell` value is active; the alternatives are left as comments.
const options = {
  shell: "bash",
  // Or: shell: "dash",
  // Or: shell: "powershell.exe",
  // Or: shell: "zsh",
  // Or: shell: undefined, // Only if the default shell is one of the affected shells.
};

// 2. Attack (one of multiple): whitespace followed by a shell-specific character.
const payload = "foo #bar";

// 3. Usage: the escaped value is interpolated into a command string.
let escapedPayload = shescape.escape(payload, { interpolation: true });
// Or: escapedPayload = shescape.escapeAll([payload], { interpolation: true }).join(" ");

cp.execSync(`echo Hello ${escapedPayload}!`, options);
// _Output depends on the shell being used_
```

The result is that if an attacker is able to include whitespace in their input they can:

1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace.
   - Affected shells: _Bash_...