#git

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

A vulnerability has been identified in microweber where users can purchase items with a coupon code. If the admin disables the use of the coupon code functionality, but the user sends requests to the API that handles the coupon code, the user can exploit the vulnerability and obtain items at a lower price.

### Impact XSS, anyone using the SPS Select with options prop populated from user input is impacted. If these options are stored, then it could have been a stored XSS. ### Patches The code has been patched for version 7 of woodland. Users should upgrade to 7.17.4 or higher ### Workarounds This is not recommended. If you are not upgrading then you would need to sanitize your options yourself (including those currently stored in databases). This is not recommended. ### References https://github.com/SPSCommerce/woodland/blob/c49e999f97f3c0b56502859f4de1e8c6666dd74d/packages/ds-react/src/option-list/SpsOptionList.tsx#L559

### Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources. TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter. The code to reproduce it. The server side application: ```ts import { Hono } from 'hono' import { TrieRouter } from 'hono/router/trie-router' const wait = async (ms: number) => { return new Promise((resolve) => { setTimeout(resolve, ms) }) } const app = new Hono({ router: new TrieRouter() }) app.use('*', async (c, next) => { await wait(Math.random() * 200) return next() }) app.get('/modules/:id/versions/:version', async (c) => { const id = c.req.param('id') const version = c.req.param('version') console.log('path', c.req.path) console.log('version', version) return c.json({ id, version, ...

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the recency parameter in models/web_progress.py component.

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py component.

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cvg2-7c3j-g36j. This link is maintained to preserve external references. ## Original Description A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

By Waqas Polish authorities and FortiGuard Labs have issued a warning to customers about a new wave of cyberattacks associated with TeamCity. This is a post from HackRead.com Read the original post: Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach