Security Headlines

Tag: #git
GHSA-4m6j-23p2-8c54: Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

### Impact

The SAML implementation provided by `armeria-saml` accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, even though such an unsigned message should be rejected.

### Patches

The vulnerability has been patched in Armeria version 1.27.2. All users who rely on `armeria-saml` older than version 1.27.2 must upgrade to 1.27.2 or later.

### Workarounds

There is no known workaround for this vulnerability.

### References

[`SamlMessageUtil.validateSignature()`](https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163)

Source: ghsa. Tags: #vulnerability #git #java #auth #maven
GHSA-p4m5-32pr-2hqr: PyPop C extensions possible vulnerability: missing arguments and redundant null pointers

### Impact

Code scanning revealed a possible vulnerability in the C extensions for PyPop: incorrect function calls (missing arguments or wrongly typed arguments) and redundant null pointers.

### Patches

The problem has been patched and fixed in the latest release of PyPop, 1.0.2. Please upgrade your PyPop installation via:

```
pip install -U pypop-genomics
```

### Workarounds

None. Upgrade to the latest package, 1.0.2.

### References

N/A

GHSA-4gmj-3p3h-gm8h: es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`

### Impact

Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall.

### Patches

Fixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602. Published with v0.10.63.

### Workarounds

No real workaround aside from refraining from using the utilities above.

### References

https://github.com/medikoo/es5-ext/issues/201

GHSA-63h4-w25c-3qv4: Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type

### TL;DR

This vulnerability affects Kirby sites that use the new [link field](https://getkirby.com/docs/reference/panel/fields/link) and output the entered link without additional validation or sanitization. The attack commonly requires user interaction by another user or visitor.

The link dialog of the writer field is *not* affected, as the writer field content is automatically sanitized by the Kirby backend code. You are also already protected if you limit the acceptable link types with the `options` field property.

----

### Introduction

Cross-site scripting (XSS) is a type of vulnerability that allows an attacker to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can, for example, trigger requests to Kirby's API with the permissions of the victim. Such vulnerabilities are critical if you might have potential attackers in your group of authenticated Panel users. They can escalate their privileges if they get access to t...

GHSA-pwr2-4v36-6qpr: orjson does not limit recursion for deeply nested JSON documents

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
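The defensive check a practitioner would want in front of a parser that does not bound recursion is a cheap nesting-depth scan of the raw text before it is handed to `loads`. The following is an added example, not orjson's own code or its fix: it counts bracket depth while skipping over string contents (so a `]` inside a string does not miscount), rejects documents deeper than a caller-chosen limit, and only then parses. It falls back to the standard-library `json` module when `orjson` is not installed; the limit of 256 is an arbitrary example value.

```python
import json

try:
    import orjson  # the library the advisory concerns; optional here
    _loads = orjson.loads
except ImportError:  # fall back so the example runs without orjson installed
    _loads = json.loads


def max_nesting_depth(doc: str) -> int:
    """Return the deepest array/object nesting in a JSON text.

    Brackets inside string literals are ignored; backslash escapes inside
    strings are honoured so an escaped quote does not end the string early.
    """
    depth = 0
    deepest = 0
    in_string = False
    escaped = False
    for ch in doc:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def loads_bounded(doc: str, max_depth: int = 256):
    """Parse `doc` only if its nesting depth is within `max_depth`."""
    depth = max_nesting_depth(doc)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return _loads(doc)


if __name__ == "__main__":
    # Constructed inputs: a normal document and a hostile deeply nested one.
    print(loads_bounded('{"a": [1, {"b": "]]]"}]}'))
    hostile = "[" * 100_000 + "]" * 100_000
    try:
        loads_bounded(hostile, max_depth=256)
    except ValueError as exc:
        print("rejected:", exc)
```

The scan is linear in the input and runs before any allocation by the parser, so it is safe to apply to untrusted bodies of arbitrary size; once orjson 3.9.15 or later is in place the check remains a harmless belt-and-braces measure.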

GHSA-v8vj-cv27-hjv8: LangChain Experimental vulnerable to arbitrary code execution

langchain_experimental (aka LangChain Experimental) before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the `__import__`, `__subclasses__`, `__builtins__`, `__globals__`, `__getattribute__`, `__bases__`, `__mro__`, or `__base__` attribute in Python code. These are not prohibited by `pal_chain/base.py`.
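The attributes named in the advisory are exactly the kind of thing a source-level filter on LLM-generated Python has to reject before the code is executed. The block below is an added illustration, not code from `pal_chain/base.py` or from the LangChain fix: it walks the AST of a candidate program and reports any use of the listed attribute names, whether reached through attribute access, as a bare name, or as a string literal (which would otherwise slip through via `getattr`). The sample programs are constructed for the example.

```python
import ast

# The attribute names the advisory lists as not prohibited before the fix.
FORBIDDEN = frozenset({
    "__import__", "__subclasses__", "__builtins__", "__globals__",
    "__getattribute__", "__bases__", "__mro__", "__base__",
})


def find_forbidden(source: str) -> list:
    """Return the sorted set of forbidden names used anywhere in `source`.

    Three syntactic forms are covered:
      obj.__subclasses__      (ast.Attribute)
      __import__("os")        (ast.Name)
      getattr(x, "__mro__")   (ast.Constant holding the name as a string)
    """
    tree = ast.parse(source)
    hits = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Attribute) and node.attr in FORBIDDEN:
            hits.add(node.attr)
        elif isinstance(node, ast.Name) and node.id in FORBIDDEN:
            hits.add(node.id)
        elif (isinstance(node, ast.Constant)
              and isinstance(node.value, str)
              and node.value in FORBIDDEN):
            hits.add(node.value)
    return sorted(hits)


def is_allowed(source: str) -> bool:
    """True when no forbidden name appears in the program."""
    return not find_forbidden(source)


# Constructed sample programs of the shape a PAL-style chain would execute.
BENIGN = "def solution():\n    return 2 + 3\n"
ESCAPE_VIA_ATTRS = (
    "def solution():\n"
    "    return ().__class__.__bases__[0].__subclasses__()\n"
)
ESCAPE_VIA_IMPORT = "def solution():\n    return __import__('os').getcwd()\n"
ESCAPE_VIA_GETATTR = "def solution():\n    return getattr(str, '__subclasses__')()\n"

if __name__ == "__main__":
    for name, prog in [("benign", BENIGN), ("attrs", ESCAPE_VIA_ATTRS),
                       ("import", ESCAPE_VIA_IMPORT), ("getattr", ESCAPE_VIA_GETATTR)]:
        print(name, "->", find_forbidden(prog) or "ok")
```

Note the limits of this approach: a string assembled at runtime (`"__sub" + "classes__"`) is not caught, and `__class__` itself is not on the advisory's list. A denylist of names is a filter, not a sandbox; executing model-generated code with any real privilege needs process isolation rather than a longer list.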

GHSA-785g-282q-pwvx: Rack CORS Middleware has Insecure File Permissions

rack-cors (aka Rack CORS Middleware) 2.0.1 ships its .rb files with 0666 (world-writable) permissions.

GHSA-672r-97r7-vx2q: pretix mishandles file validation

pretix before 2024.1.1 mishandles file validation.

GHSA-qpxm-689r-3849: Apache Camel data exposure vulnerability

Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

GHSA-h9j7-5xvc-qhg5: langchain Server-Side Request Forgery vulnerability

With the following crawler configuration:

```python
from bs4 import BeautifulSoup as Soup
from langchain_community.document_loaders import RecursiveUrlLoader

url = "https://example.com"
loader = RecursiveUrlLoader(
    url=url,
    max_depth=2,
    extractor=lambda x: Soup(x, "html.parser").text,
)
docs = loader.load()
```

An attacker in control of the contents of `https://example.com` could place a malicious HTML file there with links like "https://example.completely.different/my_file.html", and the crawler would proceed to download that file as well even though `prevent_outside=True`.

https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51

Resolved in https://github.com/langchain-ai/langchain/pull/15559
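The bypass URL in the advisory is instructive: `https://example.completely.different/...` begins with the characters `https://example.com`, so a "stay inside" check implemented as a string-prefix comparison passes it. The block below is an added example, not the loader's own code or the fix in the linked pull request; it assumes the weak check was a prefix comparison (the advisory's sample URL is consistent with that, but the assumption is ours) and sets it beside a hardened version that parses both URLs and compares scheme, host and port. The link list is constructed for the example.

```python
from urllib.parse import urlparse

BASE_URL = "https://example.com"

# Constructed links an attacker-controlled page might contain.
CRAWLED_LINKS = [
    "https://example.com/docs/page1.html",                # genuinely inside
    "https://example.completely.different/my_file.html",  # advisory's bypass
    "https://example.com.evil.test/steal.html",           # prefix-match bypass
    "https://example.com@evil.test/steal.html",           # userinfo trick
    "https://example.com:8443/other-port.html",           # same host, other port
    "http://example.com/insecure.html",                   # scheme downgrade
]


def naive_is_inside(link: str, base: str) -> bool:
    """Hypothetical reconstruction of a prefix check (assumption, see lead-in)."""
    return link.startswith(base)


def hardened_is_inside(link: str, base: str) -> bool:
    """Compare the parsed origin of `link` with that of `base`.

    Scheme, case-folded hostname and port must all match. `urlparse` returns
    the hostname after any userinfo, so `https://example.com@evil.test` is
    attributed to evil.test. A link that names an explicit port the base does
    not name is treated as outside; that is a deliberately conservative choice.
    """
    l, b = urlparse(link), urlparse(base)
    if l.scheme != b.scheme:
        return False
    if (l.hostname or "").lower() != (b.hostname or "").lower():
        return False
    if l.port != b.port:
        return False
    return True


def filter_links(links, base, check):
    """Return the links `check` would let the crawler follow."""
    return [link for link in links if check(link, base)]


if __name__ == "__main__":
    print("naive   :", filter_links(CRAWLED_LINKS, BASE_URL, naive_is_inside))
    print("hardened:", filter_links(CRAWLED_LINKS, BASE_URL, hardened_is_inside))
```

The hardened check still permits any path on the base origin, which is what "inside" means for a site crawler; restricting to a path prefix as well is a one-line addition if the deployment needs it, but the origin comparison is the part that closes the hole described above.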