Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-8h22-8cf7-hq6g: Rails has possible Sensitive Session Information Leak in Active Storage

# Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a `Set-Cookie` header along with the user's session cookie when serving blobs. It also sets `Cache-Control` to public. Certain proxies may cache the Set-Cookie, leading to an information leak. This vulnerability has been assigned the CVE identifier CVE-2024-26144. Versions Affected: >= 5.2.0, < 7.1.0 Not affected: < 5.2.0, > 7.1.0 Fixed Versions: 7.0.8.1, 6.1.7.7 Impact ------ A proxy which chooses to caches this request can cause users to share sessions. This may include a user receiving an attacker's session or vice versa. This was patched in 7.1.0 but not previously identified as a security vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases -------- The fixed releases are available at the normal locations. Workarounds -...

ghsa
#vulnerability#git
GHSA-9822-6m93-xqf4: Rails has possible XSS Vulnerability in Action Controller

# Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers (`translate`, `t`, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: >= 7.0.0. Not affected: < 7.0.0 Fixed Versions: 7.1.3.1, 7.0.8.1 Impact ------ Applications using translation methods like `translate`, or `t` on a controller, with a key ending in "_html", a `:default` key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. For example, impacted code will look something like this: ```ruby class ArticlesController < ApplicationController def show @message = t("message_html", default: untrusted_input) # The `show` template displays the contents of `@message` end end ``` To reiterate the pre-conditions, applications must: * Use a translation function from a controller (i.e. _not_ I18n.t, or `t` f...

GHSA-jjhx-jhvp-74wq: Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: < 7.1.0 Fixed Versions: 7.1.3.1 Impact ------ Carefully crafted Accept headers can cause Accept header parsing in Action Dispatch to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- There are no feasible workarounds for this issue. Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the two supported...

GHSA-x5r5-2qrx-rqj8: Transparent TLS may not be applied to Marbles with certain manifest configurations

Transparent TLS (TTLS) is a MarbleRun feature that wraps plain TCP connections between Marbles in TLS. In the manifest, a user defines the connections that should be considered. ### Impact If a Marble is configured for TTLS, but doesn't have an environment variable defined in its parameters, TTLS is not applied. The traffic will not be encrypted. MarbleRun deployments that don't use TTLS (which is only available with EGo Marbles) are not affected. ### Patches The issue has been patched in [`v1.4.1`](https://github.com/edgelesssys/marblerun/releases/tag/v1.4.1). ### Workarounds Make sure that all Marbles that use TTLS have an environment variable defined in their parameters. ### References For a description of TTLS, see <https://docs.edgeless.systems/marblerun/features/transparent-TLS> See the updated section on TTLS configuration in the manifest: <https://docs.edgeless.systems/marblerun/workflows/define-manifest#tls>

GHSA-qrp9-23p7-g5mf: Apache Ambari XML External Entity injection

XML External Entity injection in Apache Ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.

GHSA-jw7r-rxff-gv24: Apache James MIME4J improper input validation vulnerability

Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

GHSA-xxf8-fpmr-fw7v: Subrion CMS vulnerable to SQL Injection

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.

GHSA-q4qh-8pxw-r48q: Subrion CMS vulnerable to Cross Site Scripting

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.

Safe Data Sharing Practices: How to Avoid Data Leaks

By Owais Sultan The Internet offers a convenient platform for sharing data, but it also brings the risk of data leaks.… This is a post from HackRead.com Read the original post: Safe Data Sharing Practices: How to Avoid Data Leaks

Ubuntu Security Notice USN-6662-1

Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.