Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-rvgm-35jw-q628: Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

### Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs ``` ` + (function () { // Put Javascript code here return '' }()) + ` ``` The block below shows a valid mermaid code block ````md ```mermaid graph TD; A-->B; A-->C; B-->D; C-->D; ``` ```` The same block but with the exploit added ````md ```mermaid ` + (function () { alert('vulnerable') return '' }()) + ` graph TD; A-->B; A-->C; B-->D; C-->D; ``` ```` ### Patches 1.3.0 and 2.0.0-rc2 ### Workarounds None known

ghsa
Open in Source
#js#java
GHSA-vqc4-v8hc-h2jg: Polynomial regular expression used on uncontrolled data in nitrado.js

### Impact Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. ### Patches Patched in all versions above `0.2.5` ### Workarounds No known work arounds. ### References - OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS) - Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS). - Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity). - James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf). - Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html). - Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).

GHSA-prrh-qvhf-x788: Cross-site Scripting in prestashop/productcomments

### Impact An attacker could steal an admin's cookie ### Patches The issue is fixed in 5.0.2 ### References [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')](https://cwe.mitre.org/data/definitions/79.html)

GHSA-jhjh-776m-4765: Denial of service due to incorrect application of event authorization rules

### Impact The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.3/rooms/v10/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including v1.61, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. ### Patches Administrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher. ### Workarounds * Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`). ### References * https://github.com/matrix-org/synapse/pull/13087 * https://github.com/matrix-org/synapse/pull/13088 ### For more information If you have...

GHSA-3mc7-4q67-w48m: Uncontrolled Resource Consumption in snakeyaml

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

GHSA-c8fj-4pm8-mp2c: Broken Authorization in ZITADEL Actions

### Impact **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role `ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organisations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. ### Patches 2.x versions are fixed on >= [2.2.0](https://github.com/zitadel/zitadel/releases/tag/v2.2.0) 1.x versions are fixed on >= [1.87.1](https://github.com/zitadel/zitadel/releases/tag/v1.87.1) ZITADEL recommends upgrading to the latest versions available in due course. ### Workarounds There is no workaround since a patch is already available. ### Who did disclose this During our recu...

GHSA-8mgq-6r2q-82w9: Captcha Bypass in strapi-plugin-ezforms

### Impact Users using any captcha providers ### Patches >0.1.0 ### References [Issue](https://github.com/excl-networks/strapi-plugin-ezforms/issues/15)

GHSA-rv3r-vqjj-8c76: Cross-site scripting from content entered in the tags and multiselect fields

### Introduction Cross-site scripting (XSS) is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such vulnerabilities are critical if you might have potential attackers in your group of authenticated Panel users. They can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. ### Impact The tags and multiselect fields allow to select tags from an autocompleted list. The tags field also allows to enter new tags or edit existing tags. Kirby already handled escaping of the autocompleted tags, but unfortunately the Panel used HTML rendering for new or edited tags as well as for custom tags from the content file. This allowed **attackers with Panel access** to store malicious HTML code in a tag. Th...

GHSA-7hfp-qfw3-5jxh: Denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. ### Impact The _strvals_ package contains a parser that turns strings into Go structures. For example, the Helm client has command line flags like `--set`, `--set-string`, and others that enable the user to pass in strings that are merged into the values. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with i...

GHSA-wff4-fpwg-qqv3: Unexpected server crash in Next.js

### Impact When specific requests are made to the Next.js server it can cause an `unhandledRejection` in the server which can crash the process to exit in specific Node.js versions with strict `unhandledRejection` handling. - Affected: All of the following must be true to be affected by this CVE - Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting - Next.js version v12.2.3 - Using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server) - Not affected: Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests. ### Patches https://github.com/vercel/next.js/releases/tag/v12.2.4