ghsa

There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572. Versions Affected: >= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1 Impact Carefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Releases The fixed releases are available at the normal locations. Workarounds There are no feasible workarounds for this issue. Patches To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. 2-0-Forbid-control-characters-in-attributes.patch - Patch for 2.0 series 2-1-Forbid-control-characters-in-attributes.patch - Patch f...

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: >= 0.2.1 Not affected: NOTAFFECTED Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID gem. Carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases The FIXED releases are available at the normal locations. Workarounds There are no feasible workarounds for this issue. Patches To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. 1-0-model-name-redos.patch - Patch for 1.0 series

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `Cookie.parse` function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if untrusted input is passed to cookie values or attempted to parse from request headers. Proof of concept: ``` ts\nconst { CookieJar } = require("cookiejar"); const jar = new CookieJar(); const start = performance.now(); const attack = "a" + "t".repeat(50_000); jar.setCookie(attack); console.log(`CookieJar.setCookie(): ${performance.now() - start}ms`); ``` ``` CookieJar.setCookie(): 2963.214399999939ms ```

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file `lib/spintax.js`. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.

mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a malicious way, then mechanize could crash. Version 0.4.6 has a patch for the issue.

### Impact In Twig environment **without the Sandbox extension**, it is possible to refer to PHP functions in twig filters like `map`, `filter`, `sort`. This allows in the template to call any global PHP function. ### Patches The problem has been fixed with 6.4.18.1 with an override of the specified filters until the integration of the Sandbox extension has been finished. ### Workarounds For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. ### References https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates

### Impact It is possible to put the same line item multiple one in the cart using API, the Cart Validators checked the line item's individuality and the user was able to skip the clearance sale in cart ### Patches The problem has been fixed with 6.4.18.1 ### Workarounds For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Or disable the newsletter registration completely. ### References https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.