#git

### Summary Reposilite v3.5.10 is affected by Stored Cross-Site Scripting (XSS) when displaying artifact's content in the browser. ### Details As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in the fact that the artifact's content is served via the same origin (protocol/host/port) as the Admin UI. If the artifact contains HTML content with javascript inside, the javascript is executed within the same origin. Therefore, if an authenticated user is viewing the artifacts content, the javascript inside can access the browser's local storage where the user's password (aka 'token-secret') is stored. It is especially dangerous in scenarios where Reposilite is configured to mirror third party repositories, like the Maven Central Repository. Since anyone can publish an artifact to Maven Central under its own name, such malicious packages can be used to attack the Repos...

The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and related technologies.

The FBI warns about scammers that impersonate employees of cryptocurrrency exchanges as a means to defraud victims

Social Security numbers, death certificates, voter applications, and other personal data were accessible on the open internet, highlighting the ongoing challenges in election security.

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as

A simple toggle in Proofpoint's email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?

Red Hat Security Advisory 2024-4972-03 - An update is now available for Red Hat OpenShift GitOps v1.11.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

### Impact Any servers using soft-serve server and git ### Patches >0.7.5 ### Workarounds None. ### References n/a. --- It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as `LD_PRELOAD`. This can be exploited to execute arbitrary code by, for example, uploading a malicious shared object file to Soft Serve via Git LFS (uploading it via LFS ensures that it is not compressed on disk and easier to work with). The file will be stored under its SHA256 hash, so it has a predictable name. This file can then be referenced in `LD_PRELOAD` via a Soft Serve SSH session that causes git to be invoked. For example: ```bash LD_PRELOAD=/.../data/lfs/1/objects/a2/b5/a2b585befededf5f95363d06d83655229e393b1b45f76d9f989a33666866...

### Impact The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. ### Patches The REXML gem 3.3.3 or later include the patch to fix the vulnerability. ### Workarounds Don't parse untrusted XMLs with SAX2 or pull parser API. ### References * https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ : This is a similar vulnerability * https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946/: An announce on www.ruby-lang.org

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/10251