An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-36100: Vulnerabilities that allow arbitrary information traversal and modification by any user · Issue #15 · Thecosy/IceCMS

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

corgeman opened this issue

Jul 7, 2023

· 35 comments

**Comments**

The evaluate() function eventually calls eval() on the data provided. eval() is extremely dangerous when supplied with user input and to my knowledge it isn't mentioned that the function does this. I would add a warning in the documentation about this. As a proof-of-concept, the following code should execute the command 'echo verybad' on your computer when ran:

import numexpr
s \= """
(lambda fc=(
    lambda n: \[
        c for c in 
            ().\_\_class\_\_.\_\_bases\_\_\[0\].\_\_subclasses\_\_() 
            if c.\_\_name\_\_ == n
        \]\[0\]
    ):
    fc("function")(
        fc("Popen")("echo verybad",shell=True),{}
    )()
)()
"""
numexpr.evaluate(s)

Yeah developers seem to be using NumExpr more and more as a parser for handling input from a UI. It would be much safer if we could use ast.parse instead. I think adding a warning to the docs is fine, but it would also make sense to me to add an optional sanitizer. We could search the string for various Python keywords that have no business being in an expression, such as:

1.  import
2.  lambda
3.  eval
4.  __ (dunder)
5.  locals
6.  globals

Sanitization could be enabled by default but give the user the means to turn it off.

Alright I implemented a check in 4b2d89c that forbids certain operators used in the expression. Namely: ;, :, [, and __. As far as I can tell this defeats all of the commonly cited attack vectors against eval(). I.e. it bans multiple expressions, lambdas, indexing, and all the dunders. If we want to be very safe, we would want to ban . as a character. However, this is difficult because . is both the reference operator and the decimal operator.

If we want to ban . we could do so if we require it to be followed by a numeral. E.g. 0.1 would pass the check, os.remove would not pass the check. However, this would ban valid Python code such as a * 5. which is a shorthand for casting to double. Perhaps there is someone out their with better regex-foo than myself and can suggest a solution for a regex that bans the Python . operator but doesn't cause issues for decimal points?

Regardless I think this is a good step forward and we're at the point where we should do a new release.

Ok, made some more improvements. I can ban attribute access to everything but .real and .imag, via

_forbidden_re = re.compile('[\;[\:]|__|\.[abcdefghjklmnopqstuvwxyzA-Z_]')

I also strip the string of all whitespace beforehand.

Closing with release of 2.8.5.

Hi @robbmcleod, just wanted to point out that you can still access other attributes because Python translates some utf chars into ascii chars automatically (mainly greek alphabet used in math), thus:

    numexpr.evaluate("(3+1).ᵇit_count()")
    

Results in:

It might be better to whitelist real and imag rather than blacklist chars.

@jan-kubena ok thanks for the heads up. The trouble here is that decimal needs to work, and numbers can appear in variable names, but not at the start. Do you happen to know where the documentation for which character sets are mangled is?

The really proper way to do it would be to back-port the ast parser work I did in for my attempt at making 3.0.

Apparently the pandas group is using dunders as private variables in some of their NumExpr calls.

pandas-dev/pandas#54449

I'm of two minds about this. I could regex against "**\[a-zA-Z0-9\_\]+**" instead of just "\_\_". But for the security conscious, it does feel to me that NumExpr shouldn't be able to access private variables in the locals and globals dictionaries.

Hi folks,

I have a simpler example which also breaks in the new version:

import pandas as pd

name \= "Mass (kg)"
df \= pd.DataFrame({name: \[200, 300, 400\]})
df.query(f"\`{name}\` < 300")

    ValueError: Expression (BACKTICK_QUOTED_STRING_Mass__LPAR_kg_RPAR_) < (300) has forbidden control characters.
    

I understand Mass (kg) is a reasonable column name, so the validation definitely needs more tuning.

Hi folks,  
I'm not sure if it is the same issue here, we are using numexpr for calculations in a pandas dataframe and we are using double underscore in some of our calculations (for instance, a__b) but now it fails in 2.8.5 (working in 2.8.4).  
I have a minimal example without involving pandas:

import numexpr
numexpr.evaluate('a\_\_b / 2', {'a\_\_b': 4})

Or a oneliner:

python -c "import numexpr; print(numexpr.evaluate('a__b / 2', {'a__b': 4}))"

In numexpr==2.8.4 that one works perfectly.  
In numexpr==2.8.5 we have the following:  
ValueError: Expression a__b / 2 has forbidden control characters.

Is it an intentional feature or something that can be workedaround easily (sending some kwarg to ignore the error)?  
We will pin our numexpr requeriments to "<2.8.5" in the meanwhile.

Many thanks!

@nicoddemus and @zorion, just waiting to hear back from Pandas' devs on the original report: pandas-dev/pandas#54449 before I do anything. I've tried in the past to establish some sort of line of communication with them and gotten crickets.

Hi, thanks for your reply.

I think we are having a legit use of dunder but it is not allowed in a breaking change from 2.8.4 to 2.8.5 so we have to fix our version to 2.8.4 (or lower) and this is an ok workaround for now.  
On the other hand, if we had a way to flag "evaluate" that we trust our input we may remove this version restriction. Is it possible to do so?

Many thanks in advance!

> @nicoddemus and @zorion, just waiting to hear back from Pandas' devs on the original report: pandas-dev/pandas#54449 before I do anything. I've tried in the past to establish some sort of line of communication with them and gotten crickets.

Hi, one of the pandas devs here.

I don't maintain the eval code (I don't think anyone still here does anymore), so not really the best person to comment on this.

Is there a way to gate this stricter checking behind an option?  
(For pandas, we have a warning in the docs saying that eval will let users run arbritary code)

Thanks,  
Thomas

@lithomas1 and company,

I see a few approaches here.

1.  We can deprecate the implementation of the __ filter for a immediate release and put it back in for a future release.
2.  We can put in an option to disable the security check. However, I do think it should default to be on.

In order to avoid forcing everyone to do an emergency release, we probably need to do both, assuming the option defaults to sanitize.

> @lithomas1 and company,
> 
> I see a few approaches here.
> 
> 1.  We can deprecate the implementation of the __ filter for a immediate release and put it back in for a future release.
> 2.  We can put in an option to disable the security check. However, I do think it should default to be on.
> 
> In order to avoid forcing everyone to do an emergency release, we probably need to do both, assuming the option defaults to sanitize.

Thanks, this sounds good to me.  
2 is probably good enough for pandas.  
(We are going to be releasing soon anyways in a couple weeks. I think users can be fine pinning numexpr for now).

It would be nice to actually fix pandas, however, I'm not too sure what the future of eval/query will be given its current "zombie"-like state.

There's actually _two_ changes in numexpr 2.8.5 that fail pandas tests - this, and a change to integer overflow behaviour (possibly a result of the negative-powers changes, but I'm not sure yet) pandas-dev/pandas#54546

@rebecca-palmer You can make a new issue if you want, but NumExpr could never cover 2**100 as that's way in excess of 64-bit integers.

@zorion, @nicoddemus, @lithomas1 I made a push in 397cc98 that should hopefully fix these issues, if you could please test?

1.  I improved the blacklisting. It should better match the funny unicode coercion that can be done for the attribute access attack.
2.  It only blocks dunders and not a single double underscore.
3.  You can disable it by calling validate(..., sanitize=False) or equivalently evaluate(..., sanitize=False).

If you have a chance please test and provide me with any feedback you may have.

Hi @robbmcleod,

Thanks for attempting a fix.

My original example now passes, but this one breaks (reduced from the actual code):

import pandas as pd

name \= "II (MM)"
df \= pd.DataFrame({name: \[200, 300, 400\]})
df.query(f"\`{name}\` >= 3.1e-05")

    ValueError: Expression (BACKTICK_QUOTED_STRING_II__LPAR_MM_RPAR_) >= (3.1e-05) has forbidden control characters.
    

The problem in this case seems to be the scientific notation, if I change 3.1e-05 to something that does not format to scientific (say 0.31) then it no longer errors out. If I use the actual number in decimal notation (0.000031) it still fails because it seems internally it formats back to scientific, because it generates the exact same message as above (with 3.1e-05):

import pandas as pd

name \= "II (MM)"
df \= pd.DataFrame({name: \[200, 300, 400\]})
df.query(f"\`{name}\` >= 0.000031")

    ValueError: Expression (BACKTICK_QUOTED_STRING_II__LPAR_MM_RPAR_) >= (3.1e-05) has forbidden control characters.
    

sanitize=False would be great for us, however we call DataFrame.query which does not have that argument yet.

@nicoddemus @robbmcleod I think changing \_attr\_pat to r'.\\b(?!(real|imag|\\d+e?)\\b)' (i.e. adding 'e?') fixes that, but I haven't actually tested it.

Perhaps a more reliable approach would be to use ast.parse, and reject the tree if we find statements, lambdas, dunder import, etc?

@robbmcleod I've added some comments in the commit - do those notify anyone when it's already on the main branch?

It needs to match [eE]?[+-]?. I.e. either 'e' or 'E' can denote scientific notation and then it can be '-' or '+' exponents. It's not a big deal, I just haven't had time to sit down and do it yet. Please be patient.

I definitely don't get notifications on commits.

@nicoddemus I did use ast.parse for the NumExpr-3.0 branch. This is not a trivial fix to backport it. NumExpr 2 has an home-brew AST.

I think that most of the comments are in 397cc98

@robbmcleod Sorry if that looked like a demand to hurry - it was not intended as such, but as a guess that comments that don't notify anyone might _never_ get seen.

Debian now has my version, but it hasn't been through their CI yet.

I'm not sure if I should create a whole new issue for this, but the changes in this commit (which made it into 2.8.5) raise DeprecationWarning: invalid escape sequence '\;' due to the usage \; here, which turns into errors in some CI setups. I left a review comment in 397cc98 to that effect, as well. I can surface this as a bug report of its own if you like.

9b380ae switched to _attr_pat = r'\.\b(?!(real|imag|[eE]?[+-]?\d+)\b)', which probably won't do what you want - I suggest _attr_pat = r'\.\b(?!(real|imag|\d+([eE][+-]?\d+)?)\b)' but I haven't tested that

(The tests don't notice because they use test values without a . (2e-5 not 2.1e-5), which never triggered this issue to begin with. We should maybe change that.)

@rebecca-palmer I don't understand, the point is to disable attribute access. Variable/member names in Python cannot start with a number. So 2.1e-5 should never match the regex because a variable cannot start with 1, for example.

@robbmcleod (?!...) means "does **not** match this", so the items inside the (?!...) (.real, .imag, and numbers with a decimal point) are allowed while other uses of . (other attribute access) are blocked.

kozalosev added a commit to kozalosev/textUtilsBot that referenced this issue

Aug 25, 2023

If no one can think of adding any more tests to this I'll prepare another release?

I'll try and test locally against Pandas as well.

This is out of topic for this issue, but related: is there a link to a discussion to the decision to introduce this check? I ask because using a regex for this seems fragile (as this issue proves), plus the rationale itself seems a bit misguided: if it uses eval behind the covers, I think it would be best to warn users of that fact instead of trying to check that nothing fancy is going on -- because no matter how much the check is well done, it might contain flaws, which will eventually will be passed on to eval, which is a security concern. Perhaps it would make more sense to just let users know that the string is passed on to eval, and the same security concerns apply here.

Ah sorry @rebecca-palmer, seem to have missed it.

I see the suggestion of adding a warning to the docs was given, and then decided to implemented a sanitizer. OK, thanks.

CVE-2023-39631: Warn that evaluate() should not be used on user input · Issue #442 · pydata/numexpr

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.

Impact

DataEase has a SQL injection vulnerability that Not affected by SQL injection blacklists

The SQL statement is located in the following file location, using the ${} symbol.  
https://github.com/dataease/dataease/blob/dev/backend/src/main/java/io/dataease/ext/query/GridSql.xml  

The SQL injection blacklist is as follows:

Pattern pattern = Pattern.compile("(._\\=._\\- \\-._)|(._(\\+)._)|(._\\w+(%|\\$|#|&)\\w+._)|(._\\|\\|._)|(._\\s+(and|or)\\s+._)" + "|(._\\b(select|update|union|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec| count|master|into|drop|execute|sleep|extractvalue|updatexml|substring|database|concat|ra nd|gtid\_subset)\\b.\*)"); Matcher matcher = pattern.matcher(orders.toLowerCase());

Not affected by SQL injection prevention at this location  

So we can get the database data  

Affected versions: <= 1.18.9

CVE-2023-40771: DataEase has a SQL injection vulnerability that Not affected by SQL injection blacklists · Issue #5861 · dataease/dataease

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.


CVE-2023-23763: Release notes - GitHub Enterprise Server 3.6 Docs

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter.

CASE 2 Vers. 3.0 unterstützt in Katastrophenfällen das Krisenmanagement dabei, innerhalb kürzester Zeit eine Vielzahl an Informationen digital zu erfassen, zu bündeln und zu filtern. Je nach Erfordernissen können diese Daten abgerufen, mit zusätzlichen Informationen ergänzt und für berechtigte Personengruppen und beispielsweise die Öffentlichkeit aufbereitet werden.

Die Benutzeroberfläche ermöglicht darüber hinaus die Kommunikation innerhalb des Krisenstabes und den dazugehörigen Abteilungen wie beispielsweise dem Call Center Team. Gleichzeitig können Tasks und Arbeitsanweisungen mithilfe des Task Managements zugewiesen und Arbeitsschritte und Vorkommnisse im Logbuch dokumentiert werden.

Mit der Callcenter-Funktionalität erfassen und katalogisieren die Mitarbeiter alle Anrufe und ordnen diese den betroffenen Passagieren zu. Im Mittelpunkt steht dabei die Betreuung der Angehörigen: Von der Organisation der Anreise und Unterkunft bis hin zur Betreuung vor Ort werden sämtliche Daten erfasst und entsprechend aufbereitet.

**Einfache Kommunikation**

Das umfassende System bietet den Einsatzorganisationen und Einsatzleitern eine hoch entwickelte Plattform für die gesamte interne und externe Kommunikation. Einfach in der Anwendung und Administration ist die Software-Lösung ein All-in-one-Tool einerseits für den lückenlosen Austausch mit Mitarbeitern und andererseits, um die Presse, Öffentlichkeit und Angehörige zeitnah zu informieren.

**Visualisierung und Dokumentation**

Sämtliche Daten sind für Berechtigte laufend abrufbar und editierbar, die Visualisierung der Einsatzlage erfolgt somit in Echtzeit. In der wichtigen Aufbereitungsphase greifen die Systembenutzer auf eine umfangreiche Dokumentation zurück, die auch einer rechtlichen Prüfung standhält.

**Digitales Krisenmanagement**

Bei Großereignissen fallen innerhalb kurzer Zeit eine Vielzahl von Informationen an, die digital erfasst, gebündelt und gefiltert werden. Mit CASE 2 erfolgt die Datenerfassung am Ort des Geschehens mit einer webfähigen und plattformunabhängigen Lösung.

**Schnittstellen**

CASE2 Airline bietet einen integrierten Satz von standardisierten Schnittstellen. Datenaustausch ist per XML oder CSV Dateien möglich.

**Reportingfunktionalität**

Aus der Fülle von Daten lassen sich aussagekräftige Reports generieren, die als Entscheidungsgrundlage für den Einsatzleiter dienen können. So erhält der Leiter beispielsweise eine Übersicht aller Anrufer aus einem Bundesland, die einen Angehörigen vermissen und noch auf einen Rückruf warten.

**Echtzeit Lageübersicht**

Die betroffenen Organisationen haben den großen Vorteil, dass die Informationen aller Mitarbeiter automatisch und in Echtzeit erfolgt. Durch die gezielte Bündelung von Daten aus den verschiedensten Quellen ist Contwise CASE2 Airline auch im Bereich der Opferidentifizierung ein enorm wichtiges Hilfsmittel.

**Dublettenschablone**

Dadurch, dass Personendaten oftmals simultan eintreffen, kann es vorkommen, dass Opfer oder Angehörige in Listen doppelt geführt werden. Deshalb wurde in CASE2 Airline ein leistungsfähiger Algorithmus zur Dublettensuche integriert, mit dem es möglich ist, Namen anhand ihrer phonetischen Ähnlichkeit zu erkennen.

**Flexibilität & Erweiterbarkeit**

Da jeder Einsatz anders verläuft und andere Kriterien ausschlaggebend sind, wurde in CASE2 Airline ein flexibler Erweiterungsmechanismus eingebaut. Während des Einsatzfalles können Felder ergänzt und Formulare angepasst werden.

**Zeitzonen optimiert**

Systemzeit ist die UTC. Jeder Mitarbeiter kann jedoch für seinen Zugang seine eigene Zeitzone festlegen. Sämtliche Eingaben des Mitarbeiters werden im Hintergrund in die UTC umgewandelt. So müssen Zeitzonen beim Arbeiten mit CASE2 Airline nicht weiter beachtet werden.

CVE-2023-37826: Contwise Case2 - Startseite

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-37830: CVEs/CVE-2023-37830 at main · Popeye-ITSec/CVEs

A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.

**Vulnerability Overview**

There is an XSS vulnerability because the editor mishandled when parsing the embed tag in html. The html tag is <embed src="https://c0olw.github.io/pic/1.html">

**Vulnerability Reproduction**

1.  Download the lastest version of Typora from https://typora.io/.
    
    The version when I downloaded was 1.6.7.
    
2.  Use Typora to open or edit a markdown file.
    
    For example, I created a file called “xss test.md” with typora.
    

1.  Enter <embed src="https://c0olw.github.io/pic/1.html"> to let Typora parse the html tags, resulting in the execution of malicious Javascript.
    
    When just entering the embed tag:
    
    After Typora parses the embed tag:
    

版权声明: 本博客所有文章除特别声明外，均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 凉风's Blog！

CVE-2023-39703: Typora XSS Vulnerability

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.

CVE-2023-37829: CVEs/CVE-2023-37829 at main · Popeye-ITSec/CVEs

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string to string a `StringIndexOutOfBoundsException`. 

**hson-java vulnerable to denial of service**

Moderate severity GitHub Reviewed Published Sep 1, 2023 to the GitHub Advisory Database • Updated Sep 1, 2023

GHSA-94w5-rf69-2h6c: hson-java vulnerable to denial of service

An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.

Tag

#git