Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-vwg4-846x-f94v: usememos/memos vulnerable due to improper authentication

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos versions prior to 0.9.0 are vulnerable to improper authorization, which can allow a user to modify the nickname, username and email of other users without permission.

ghsa
#git#auth
GHSA-qcw2-492v-57xj: usememos/memos missing Secure cookie attribute

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking.

GHSA-68gw-r2x5-7r5r: usememos/memos Improper Authentication vulnerability

Improper Authentication in GitHub repository usememos/memos prior to 0.9.0.

GHSA-qr52-59r6-49f4: usememos/memos Improper Access Control vulnerability

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.

GHSA-fv6c-rfg3-gvjw: usememos/memos makes Incorrect Use of Privileged APIs

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.

GHSA-r9hx-vwmv-q579: pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`. This has been patched in version 65.5.1.

GHSA-qwmp-2cf2-g9g6: pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)

Python Packaging Authority (PyPA) Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a Regular Expression denial of service via attacker controlled input to the wheel cli. The vulnerable regex is used to verify the validity of Wheel file names. This has been patched in version 0.38.1.

GHSA-6mv3-wm7j-h4w5: Tauri Filesystem Scope Glob Pattern is too Permissive

### Impact The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The `fs` scope `$HOME/*.key` would also allow `$HOME/.ssh/secret.key` to be read even though it is in a sub directory of `$HOME` and is inside a hidden folder. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. ### Patches The issue has been patched in the latest release and was backported into the currently supported 1.x branches. ### Workarounds No workaround is known at the time of publication. ### References The original report contained information that the `dialog.open` component automatically allows one sub directory to be read, regardless of the `recursive` option. Imagine a file system looking like ``` o ../ o documents/ - file.txt - deeper/ o deep_file.txt ``` Reproduction steps: ...

GHSA-6cq5-8cj7-g558: CodeIgniter4 Potential Session Handlers Vulnerability

### Impact When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). ### Patches Upgrade to v4.2.11 or later. ### Workarounds - Use only one session cookie. ### References - https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers ### For more information If you have any questions or comments about this advisory: * Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues) * Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)

GHSA-ghw3-5qvm-3mqc: CodeIgniter4 allows spoofing of IP address when using proxy

### Impact This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. ### Patches Upgrade to v4.2.11 or later, and configure `Config\App::$proxyIPs`. ### Workarounds Do not use `$request->getIPAddress()`. ### References - https://codeigniter4.github.io/userguide/incoming/request.html#CodeIgniter\HTTP\Request::getIPAddress ### For more information If you have any questions or comments about this advisory: * Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues) * Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)