Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-3p6v-hrg8-8qj7: @mozilla/readability Denial of Service through Regex

Specially crafted titles may have caused a regular expression to excessively backtrack and cause a local denial of service. Additional Details are [available at Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1948833) Credit: DayShift

ghsa
#vulnerability#web#dos#auth
GHSA-5565-3c98-g6jc: WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack

### Impact A vulnerability was found in OIDC-Client. When using the elytron-oidc-client subsystem with WildFly, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack. ### Patches [2.2.9.Final](https://github.com/wildfly-security/wildfly-elytron/releases/tag/2.2.9.Final) [2.6.2.Final](https://github.com/wildfly-security/wildfly-elytron/releases/tag/2.6.2.Final) ### Workarounds Currently, no mitigation is currently available for this vulnerability. ### References https://nvd.nist.gov/vuln/detail/CVE-2024-12369 https://access.redhat.com/security/cve/CVE-2024-12369 https://bugzilla.redhat.com/show_bug.cgi?id=2331178 https://issues.redhat.com/browse/ELY-2887

GHSA-7287-grhx-542x: Pixelfed may allow unauthorized actor to view private posts and private users

Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance.

GHSA-qrv3-jc3h-f3m6: Frappe vulnerable to information disclosure leading to account takeover

### Impact Making crafted requests could lead to information disclosure that could further lead to account takeover. ### Workarounds There's no workaround to fix this without upgrading. ### Credits Thanks to Thanh of Calif.io for reporting the issue

GHSA-v342-4xr9-x3q3: Frappe has Possibility of Remote Code Execution due to improper validation

### Impact A system user was able to create certain documents in a specific way that could lead to RCE. ### Workarounds There's no workaround, an upgrade is required. ### Credits Thanks to Thanh of Calif.io for reporting the issue

GHSA-3hj6-r5c9-q8f3: Frappe has possibility of SQL injection due to improper validations

### Impact An SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. ### Workarounds Upgrading is required, no other workaround is present. ### Credits Thanks to Thanh of Calif.io for reporting the issue

GHSA-x574-m823-4x7w: Vite bypasses server.fs.deny when using ?raw??

### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. ### PoC ```bash $ npm create vite@latest $ cd vite-project/ $ npm install $ npm run dev $ echo "top secret content" > /tmp/secret.txt # expected behaviour $ curl "http://localhost:5173/@fs/tmp/secret.txt" <body> <h1>403 Restricted</h1> <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list. # security bypassed $ curl "http://localhost:517...

GHSA-2935-2wfm-hhpv: Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.

GHSA-fwwp-xcxw-39vq: ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

GHSA-823x-fv5p-h7hw: ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)