Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-4v5m-vwvp-p7w8: Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files

ghsa
Open in Source
#vulnerability#git
GHSA-crf8-h2wq-2h9x: WASM3 Improper Input Validation vulnerability

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component `op_Select_i32_srs` in `wasm3/source/m3_exec.h`.

GHSA-rgqx-226f-2xp4: steal Inefficient Regular Expression Complexity vulnerability via string variable

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.

GHSA-wc4x-qmr2-rj8h: steal vulnerable to Prototype Pollution via alias variable

Prototype pollution vulnerability in stealjs steal via the alias variable in babel.js.

GHSA-cf7g-cm7q-rq7f: SFTPGo WebClient vulnerable to Cross-site Scripting

### Impact Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code. ### Patches Fixed in v2.3.5.

GHSA-g4h6-qp44-wqvx: XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups

### Impact It's possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor leads to adding a supplementary empty value to groups which is then resolved as a reference to XWiki.WebHome page. Adding an XWikiGroup xobject to that page then transforms it to a group, any user put in that group would then obtain the privileges related to the edited right. Note that this security issue is normally mitigated by the fact that XWiki.WebHome (and XWiki space in general) should be protected by default for edit rights. ### Patches The problem has been patched in XWiki 13.10.4 and 14.2RC1 to not consider anymore empty values in XWikiRights. ### Workarounds It's possible to workaround the problem by setting appropriate rights on XWiki.WebHome page to prevent users to edit it. ### References * https://jira.xwiki.org/browse/XWIKI-18386 * https://jira.xwiki.org/browse/XWIKI-15776 ### For more infor...

GHSA-gg53-wf5x-r3r6: XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference

### Impact A bug in the security cache is storing rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. ### Patches The problem has been patched in XWiki 12.10.11, 13.10.1, 13.4.6. ### Workarounds No workaround other than patching. ### References https://jira.xwiki.org/browse/XWIKI-14075 https://jira.xwiki.org/browse/XWIKI-18983 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org) * Email us at [Security Mailing List](mailto:[email protected])

GHSA-cmr8-5w4c-44v8: Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

### Impact `Math.random` and `crypto.getRandomValues` methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators. ### Patches The problem has been fixed in version 0.5.3. Corrected `Math.random` and `crypto.getRandomValues` methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of...

GHSA-phjr-8j92-w5v7: CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

GHSA-mcvg-g9wx-v5vx: Valine code injection vulnerability

Valine was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.