#git

Affected versions of `ruzstd` miscalculate the length of the allocated and init section of its internal `RingBuffer`, leading to uninitialized or out-of-bounds reads in `copy_bytes_overshooting` of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data when decompressing a crafted archive. This may occur multiple times per archive.

Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.

SUMMARY Cybersecurity researchers at Trustwave have discovered “Rockstar 2FA,” a phishing-as-a-service platform designed to help hackers and script…

Versions of the library from 0.2.2 to 1.0.9 are vulnerable to the arbitrary code execution due to unsafe usage of `new Function(...)` in the module that handles points format. Applications passing the 3rd parameter to the `hull` function without sanitising may be impacted. The vulnerability has been fixed in version 1.0.10, please update the library. Check project homepage on GitHub to see how to fetch the latest version: https://github.com/andriiheonia/hull?tab=readme-ov-file#npm-package

### Summary When making any HTTP request, the automatically enabled and self-managed `CookieStore` (aka cookie jar) will silently replace explicitly defined `Cookie`s with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's `Cookie` being used for another user's requests. ### Details This issue is described without security warnings here: https://github.com/AsyncHttpClient/async-http-client/issues/1964 I already have a PR to fix this issue: https://github.com/AsyncHttpClient/async-http-client/pull/2033 ### PoC 1. Add an auth `Cookie` to the `CookieStore` - This is identical to receiving an HTTP response that uses `Set-Cookie`, as shown in issue #1964 above. 2. Handle a different user's request where the same `Cookie` is provided as a passthrough, like a JWT, and attempt to use it by explicitly providing it. 3. Observe that the user's cookie in step 2 is passed as the Cookie in step 1. ### Impact Thi...

### Summary Note: i'm reporting this in this way purely because it's private and i don't want to broadcast vulnerabilities. > An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. ### Details https://github.com/redis/lettuce/blob/main/pom.xml#L67C9-L67C53 The netty version pinned here is currently ``` <netty.version>4.1.113.Final</netty.version> ``` This version is vulnerable according to Snyk and is affecting one of our products:  Here is a [link](https://www.cve.org/CVERecord?id=CVE-2024-47535) to the CVE ### PoC _Complete instructions, including specific configuration details, to reproduce the vulnerability._ Not applicable ### Impact _What kind of vuln...

# Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8th

### Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. ### Patches - See "Patched versions". - v1.0: https://github.com/ibexa/post-install/commit/d91cc02623dd3263a99a94ace133c95e48909e5d - v4.6: https://github.com/ibexa/post-install/commit/ae7c3c2081a862c75b90828f08bd74436ceb8fe8 ### Workarounds Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets. ### References - Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-comm...

### Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. Please check your web server configuration as well. ### Patches - See "Patched versions". - https://github.com/ibexa/http-cache/commit/e03f683e8db53b6d253e1af8177befeecc8d3914 ### Workarounds Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets. ### References - Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates - Release notes: https://doc.ibexa.co/en/latest/update_an...

### Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. Please check your web server configuration as well. ### Patches - See "Patched versions". - https://github.com/ezsystems/ezplatform-http-cache/commit/ca8a5cf69b2c14fbec90412aeeef5c755c51457b ### Workarounds Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets. ### References - Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates - Release notes: https://doc.ibexa.co/en/l...