GHSA-62jr-84gf-wmg4: Default swagger-ui configuration exposes all files in the module

### Impact

The default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via HTTP routes served by the module.

### Patches

Update to v2.1.0

### Workarounds

Use the `baseDir` option

### References

[HackerOne report](https://hackerone.com/reports/2312369).

GHSA-ghjv-mh6x-7q6h: avo vulnerable to stored cross-site scripting (XSS) in key_value field

### Summary

A **stored cross-site scripting (XSS)** vulnerability was found in the **key_value** field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser.

### Details

The value of the key_value field is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability can be exploited by an attacker to inject malicious JavaScript code into the key_value field. When a victim views the page containing the malicious code, the code will be executed in their browser.

In [avo/fields/common/key_value_component.html.erb](https://github.com/avo-hq/avo/blob/main/app/components/avo/fields/common/key_value_component.html.erb#L38C21-L38C33) the value is taken in lines **38** and **49** and seems to be interpreted directly as HTML in lines **44** and **55**.

### PoC

![POC](https://user-images.githubuserc...

Gentoo Linux Security Advisory 202401-21

Gentoo Linux Security Advisory 202401-21 - A vulnerability has been found in KTextEditor where local code can be executed without user interaction. Versions greater than or equal to 5.90.0-r2 are affected.

MailCarrier 2.51 Denial Of Service

MailCarrier version 2.51 remote denial of service exploit.

Ubuntu Security Notice USN-6580-1

Ubuntu Security Notice 6580-1 - It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

LightFTP 1.1 Denial Of Service

LightFTP version 1.1 remote denial of service exploit.

Navigating the new frontier of cryptocurrency futures

By Uzair Amir Imagine a world where you could bet on the digital currencies of the future without actually holding any… This is a post from HackRead.com Read the original post: Navigating the new frontier of cryptocurrency futures

Data Management for Small Businesses

By Owais Sultan In the rapidly evolving digital world, data management has become a vital component of success for small businesses.… This is a post from HackRead.com Read the original post: Data Management for Small Businesses

GitLab warns zero-click vulnerability could lead to account takeovers

GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.

Case Study: The Cookie Privacy Monster in Big Global Retail

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn't anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away. Download the full case study here. As a child,