Source
ghsa
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
sanitize-url (aka @braintree/sanitize-url) before 6.0.1 allows XSS via HTML entities.
All versions of the package rangy are vulnerable to Prototype Pollution when using the `extend()` function in file `rangy-core.js`.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype.
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
pdf_info 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used.
### Impact This is a vulnerability which affects anyone using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`) with Gradio versions older than 3.13.1. In these older versions of Gradio, a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. ### Patches The problem has been patched. Ideally, users should upgrade to `gradio==3.19.1` or later where the FRP solution has been properly tested. ### Credit Credit to Greg Sadetsky and Samuel Tremblay-Cossette for alerting the team
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
### Impact Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. ### Patches Patch is under development. The vulnerability will be fixed in MantisBT version 2.25.6. ### Workarounds None ### Credits Thanks to [d3vpoo1](https://github.com/jrckmcsb) for reporting the issue. ### References - https://mantisbt.org/bugs/view.php?id=31086
### Impact Providing an invalid value to the `where` option of a query caused Sequelize to ignore that option instead of throwing an error. A finder call like the following did not throw an error: ```ts User.findAll({ where: new Date(), }); ``` As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option. ### Patches This issue has been patched in [`[email protected]`](https://github.com/sequelize/sequelize/pull/15699) & [`@sequelize/[email protected]`](https://github.com/sequelize/sequelize/pull/15375) ### References A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698 CVE: CVE-2023-22579 Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090