Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-9r9m-ffp6-9x4v: vue-i18n has cross-site scripting vulnerability with prototype pollution

### Vulnerability type XSS ### Description vue-i18n can be passed locale messages to `createI18n` or `useI18n`. we can then translate them using `t` and `$t`. vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST. In order to maximize the performance of the translation function, vue-i18n uses bundler plugins such as `@intlify/unplugin-vue-i18n` and bulder to convert the AST in advance when building the application. By using that AST as the locale message, it is no longer necessary to compile, and it is possible to translate using the AST. The AST generated by the message compiler has special properties for each node in the AST tree to maximize performance. In the PoC example below, it is a `static` property, but that is just one of the optimizations. About details of special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts In general, the locale messages of vue-i18n are optimized during produ...

ghsa
Open in Source
#xss#vulnerability#git
GHSA-pxm4-r5ph-q2m2: SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

# Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8th

GHSA-6943-qr24-82vx: sftpgo vulnerable to brute force takeover of OpenID Connect session cookies

### Impact The OpenID Connect implementation, in the affected SFTPGo versions, allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the [xid](https://github.com/rs/xid) library and are therefore unique but not cryptographically secure. ### Patches This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. ### References https://github.com/drakkan/sftpgo/commit/f30a9a2095bf90c0661b04fe038e3b7efc788bc6

GHSA-4cx5-89vm-833x: veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability

### Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. ### Patches We are currently working on a patch that will be released when ready. ### Workarounds This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. ### References Original issue: #1488

GHSA-2x65-fpch-2fcm: SimpleSAMLphp xml-common XXE vulnerability

# Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8.

GHSA-h924-8g65-j9wg: Traefik's X-Forwarded-Prefix Header still allows for Open Redirect

### Impact There is a vulnerability in Traefik that allows the client to provide the `X-Forwarded-Prefix` header from an untrusted source. ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.14 - https://github.com/traefik/traefik/releases/tag/v3.2.1 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary The previously reported open redirect ([GHSA-6qq8-5wq3-86rp](https://github.com/traefik/traefik/security/advisories/GHSA-6qq8-5wq3-86rp)) is not fixed correctly. The safePrefix function can be tricked to return an absolute URL. ### Details The Traefik API [dashboard component](https://github.com/traefik/traefik/blob/master/pkg/api/dashboard/dashboard.go) tries to validate that the value of the header X-Forwarded-Prefix is a site relative path: ```go http.Redirect(resp, req,...

Incident Response Playbooks: Are You Prepared?

The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.

Microsoft Boosts Device Security With Windows Resiliency Initiative

Microsoft is readying a new release of Windows in 2025 that will have significant security controls, such as more resilient drivers and a "self-defending" operating system kernel.

Malicious Ads in Search Results Are Driving New Generations of Scams

The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.

THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity