ghsa

### Impact This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. Please note the misleadingly named `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access rather it depends on the existing `sandbox` setting. If your application is sandboxed then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs (which includes `ipcRenderer`). If your application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. ### Patches This has been patched and the following Electron versions contain the fix: * `18.0.0-beta.6` * `17.2.0` * `16.2.6` * `15.5.5` ### Workarounds Ensure that all IPC message handlers appropriately valida...

Affects: Notebook and Lab between 6.4.0?(potentially earlier) and 6.4.11 (currently latest). Jupyter Server <=1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well. Description: If notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this url can be used from an xss payload (as in CVE-2021-32798) or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system.

### Impact _What kind of vulnerability is it? Who is impacted?_ Authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege esc...

This crate allows you to write safe functions with unsafe bodies without the `unsafe` keyword. The value this adds is questionable, and hides `unsafe` usages from naive analysis.

An issue was discovered in the http crate before 0.1.20 for Rust. HeaderMap::reserve() has an integer overflow that allows attackers to cause a denial of service.

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

### Impact Versions [4.23.0](https://rubygems.org/gems/octokit/versions/4.23.0) and [4.24.0](https://rubygems.org/gems/octokit/versions/4.24.0) of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. Malicious code already present and running on your machine, separate from this package, could modify the gem’s files and change its behavior during runtime. ### Patches * [octokit 4.25.0](https://rubygems.org/gems/octokit/versions/4.25.0) ### Workarounds Users can use the previous version of the gem [v4.22.0](https://rubygems.org/gems/octokit/versions/4.22.0). Alternatively, users can modify the file permissions manually until they are able to upgrade to the la...

### Impact Version [0.2.0](https://rubygems.org/gems/octopoller/versions/0.2.0) of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. Malicious code already present and running on your machine, separate from this package, could modify the gem’s files and change its behavior during runtime. ### Patches * octopoller 0.3.0 ### Workarounds Users can use the previous version of the gem [v0.1.0](https://rubygems.org/gems/octopoller/versions/0.1.0). Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version.

### Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0) where a nuget.org api key could leak due to an incorrect comparison with a server url. ### Affected software #### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.2.0 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.0.1 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 5.11.1 version or earlier. - Any NuG...

### Impact Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. You are at most risk if you have an Istio ingress Gateway exposed to external traffic. ### Patches 1.12.8, 1.13.5, 1.14.1 ### Workarounds No. ### References More details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-05) ### For more information If you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])