Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-h8p2-8g72-qpgh: Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

ghsa
#vulnerability#google#apache#git
GHSA-j69x-v4wc-3fpf: Apache Airflow Sqoop Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.

GHSA-q8gg-vj6m-hgmj: @braintree/sanitize-url Cross-site Scripting vulnerability

sanitize-url (aka @braintree/sanitize-url) before 6.0.1 allows XSS via HTML entities.

GHSA-65rp-mhqf-8gj3: rangy vulnerable to Prototype Pollution

All versions of the package rangy are vulnerable to Prototype Pollution when using the `extend()` function in file `rangy-core.js`.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype.

GHSA-prjg-28jg-m3p5: RosarioSIS Improper Access Control vulnerability

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

GHSA-9fh3-j99m-f4v7: Code injection in pdf_info

pdf_info 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used.

GHSA-3x5j-9vwr-8rr5: Update share links to use FRP instead of SSH tunneling

### Impact This is a vulnerability which affects anyone using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`) with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. ### Patches The problem has been patched. Ideally, users should upgrade to `gradio==3.19.1` or later where the FRP solution has been properly tested. ### Credit Credit to Greg Sadetsky and Samuel Tremblay-Cossette for alerting the team

GHSA-c57v-hc7m-8px2: Cross-site Scripting in Quarkus

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

GHSA-hf4x-6h87-hm79: MantisBT may expose private issues' summaries to unauthorized users

### Impact Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. ### Patches Patch is under development. The vulnerability will be fixed in MantisBT version 2.25.6. ### Workarounds None ### Credits Thanks to [d3vpoo1](https://github.com/jrckmcsb) for reporting the issue. ### References - https://mantisbt.org/bugs/view.php?id=31086

GHSA-vqfx-gj96-3w95: Unsafe fall-through in getWhereConditions

### Impact Providing an invalid value to the `where` option of a query caused Sequelize to ignore that option instead of throwing an error. A finder call like the following did not throw an error: ```ts User.findAll({ where: new Date(), }); ``` As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option. ### Patches This issue has been patched in [`[email protected]`](https://github.com/sequelize/sequelize/pull/15699) & [`@sequelize/[email protected]`](https://github.com/sequelize/sequelize/pull/15375) ### References A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698 CVE: CVE-2023-22579 Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090