ghsa

### Vulnerability type Data Validation ### Detail In the ReadAll method in wal/wal.go, it is possible to have an entry index greater then the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

### Impact For applications using JWT or session-based authentication (not OIDC), users can input a login string which can cause a denial of service, as parsing it will be too complex. Here is an example: https://gist.github.com/atomfrede/311f8a9c6eb74c5c5226af0481155207 The vulnerable expression was never officially released. So only when you generated an application from the master branch between 6.8.0 and 6.9.0 your generated application may be vulnerable. ### Patches If you only used official releases you don't need to patch your application. ### Workarounds If you have created an application from the master branch, you need to adapt the `LOGIN_REGEX` in `Constants.java`. If your regex is ``` ^[a-zA-Z0-9!#$&'*+=?^_`{|}~.-]+@?[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$ ``` you need to change it too ``` ^(?>[a-zA-Z0-9!$&*+=?^_`{|}~.-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*)|(?>[_.@A-Za-z0-9-]+)$ ``` If you still have `^[_.@A-Za-z0-9-]*$` there is no need to change it, except you would...

### Impact Arbitrary additional email headers can be injected via crafted From or Sender headers. ### Patches Fixed in 2.2.1 ### Workarounds Filter user-supplied values prior to using them in From or Sender properties. ### References https://nvd.nist.gov/vuln/detail/CVE-2012-0796 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)

### Impact Setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. > **Note** > This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set `$secure = true` in `Config\Cookie`. ```php helper('cookie'); $cookie = [ 'name' => $name, 'value' => $value, ]; set_cookie($cookie); // or $this->response->setCookie($cookie); ``` ### Patches Upgrade to v4.2.7 or later. ### Workarounds 1. Specify the options explicitly. ```php helper('cookie'); $cookie = [ 'name' => $name, 'value' => $value, 'secure' => true, 'httponly' => true, ]; set_cookie($cookie); // or $this->response->setCookie($cookie); ``` 2. Use Cookie object. ```php use CodeIgniter\Cookie\Cookie; helper('cookie'); $cookie = new Cookie($name, $value); set_cookie($cookie); // or $this->response->...

### Impact The `github.com/sylabs/sif/v2/pkg/integrity` package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. ### Patches A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. ### Workarounds Users may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure. ### References * [CVE-2004-2761](https://nvd.nist.gov/vuln/detail/cve-2004-2761) * [CVE-2005-4900](https://nvd.nist.gov/vuln/detail/cve-2005-4900) ### For more information If you have any questions or comments about this advisory: * Open an issue in [github.com/sylabs/sif](https://github.com/sylabs/sif/issues/new) * Email us at [[email protected]](mailto:[email protected])

### Impact Reader::read_from_container can cause an infinite loop when a crafted PNG file is given. ### Patches Version 0.5.3 includes the fix. ### Workarounds No workaround is available. Applications that do not pass files with the PNG signature to Reader::read_from_container are not affected. ### References * <https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2> * <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21235> ### For more information If you have any questions or comments about this advisory: * Open an issue in [github.com/kamadak/exif-rs](https://github.com/kamadak/exif-rs)

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the `phar://` wrapper.

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except `compile()` and `compilePath()` function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.