#git

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems. The seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

### Impact When the exponent is bigger than `r`, the group order of the pairing target group `GT`, the exponentiation à la GLV (`ExpGLV`) can *sometimes* give incorrect results compared to normal exponentiation (`Exp`). The issue impacts all users using `ExpGLV` for exponentiations in `GT`. This does not impact `Exp` and `ExpCyclotomic` which are sound. Also note that GLV methods in G1 and G2 are sound and _not_ impacted. ### Patches Fix has been implemented in pull request https://github.com/Consensys/gnark-crypto/pull/451 and merged in commit https://github.com/Consensys/gnark-crypto/commit/ec6be1a037f7c496d595c541a8a8d31c47bcfa3d to master branch. The fix increased the bounds of the sub-scalars by 1. In fact, since https://github.com/Consensys/gnark-crypto/pull/213, we use a fast scalar decomposition that tradeoffs divisions (needed in the Babai rounding) by right-shifts. We precompute `b=2^m*v/d (m > log2(d))` and then at runtime compute `scalar*b/2^m` (`v` is a lattice vector ...

### Impact An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the `ni-measurementlink-service` Python package and all previous versions. ### Patches Upgrade all Python measurement plug-ins to use `ni-measurementlink-service` version 1.1.1 or later. ### References Visit [ni.com/info](http://www.ni.com/info) and enter the info code `cve-2023-4570` for more information.

Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process. ### Impact This is a denial of service vulnerability, impacting all users of affected versions of Vapor. Because the crash is an explicit assertion failure, there is no corruption of process state and no risk of data leakage or unauthorized code execution. Total impact is limited to an immediately recoverable service interruption. ### Patches The issue is fixed as of Vapor release 4.84.2. ### Workarounds None known at this time. ### For more information If you have any questions or comments about this advisory: * Open an issue in [the Vapor repo](https://github.com/vapor/vapor) * Ask in [Vapor Discord](http://vapor.team) ### Acknowledgements Full credit for reporting this issue goes to @t0rchwo0d, with additional thanks for responsibly disclosing.

### Summary IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. ### Details See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This logic violates point 3 of https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation. Workaround exists by setting `micronaut.security.token.jwt.claims-validators.audience` with valid values. `micronaut.security.token.jwt.claims-validators.openid-idtoken` can be kept as default on. ### PoC Should probably be: ```java return issuer.equalsIgnoreCase(iss) && audiences.contains(clientId) && validateAzp(claims, clientId, audiences); ``` ### Impact Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared.