ghsa

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958.

All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

# Microsoft Security Advisory CVE-2023-21808: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/runtime/issues/82112 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.2 or earlier. * Any .NET 6.0 application running on .NET 6.0.13 or earlier. If your application uses the following package versions, ensure ...

Version 0.7.1 of the `cortex-m-rt` crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling `main` (or any other specified entrypoint), violating the [stack ABI of AAPCS32], the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2 of the `cortex-m-rt` crate. This regression can cause certain compiler optimizations (which assume the eight-byte alignment) to produce incorrect behavior at runtime. This incorrect behavior has been [observed in real-world applications]. **It is advised that ALL users of `v0.7.1` and `v0.7.2` of the `cortex-m-rt` crate update to the latest version (`v0.7.3`), AS SOON AS POSSIBLE.** Users of `v0.7.0` and prior versions of `cortex-m-rt` are not affected by this regression. It will be necessary to rebuild all affected firmware binaries, and flash or deploy the new firmware binaries to affected devices. [stack ABI of AAPCS32]: https://github.com/ARM-software/abi-aa/blob/edd7460d87493f...

### Impact * The multipart body parser accepts an unlimited number of file parts. * The multipart body parser accepts an unlimited number of field parts. * The multipart body parser accepts an unlimited number of empty parts as field parts. ### Patches This is fixed in v7.4.1 (for Fastify v4.x) and v6.0.1 (for Fastify v3.x). ### Workarounds There are no known workaround. ### References Reported at https://hackerone.com/reports/1816195.

### Impact This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. ### Patches This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` will now reject `javascript:` URLs, and there is a global override of `window.open` to do the same. In addition the catalog model as well as the catalog backend now has additional validation built in that prevents `javascript:` URLs in known annotations. ### Workarounds The general practice of limiting access to modifying catalog content and requiring code reviews greatly helps mitigate this vulnerability. ### For more information If you have any questions or comments about this advisory: * Open an issue in the [Backstage repository](https:/...

### Impact The `MultipartParser` using the package `python-multipart` accepts an unlimited number of multipart parts (form fields or files). Processing too many parts results in high CPU usage and high memory usage, eventually leading to an <abbr title="out of memory">OOM</abbr> process kill. This can be triggered by sending too many small form fields with no content, or too many empty files. For this to take effect application code has to: * Have `python-multipart` installed and * call `request.form()` * or via another framework like FastAPI, using form field parameters or `UploadFile` parameters, which in turn calls `request.form()`. ### Patches The vulnerability is solved in Starlette 0.25.0 by making the maximum fields and files customizable and with a sensible default (1000). Applications will be secure by just upgrading their Starlette version to 0.25.0 (or FastAPI to 0.92.0). If application code needs to customize the new max field and file number, there are new `req...

Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDNI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK.