webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.

CVE-2023-39141 is reserved for this vulnerability

Project link:

https://github.com/ziahamza/webui-aria2/

Vulnerability type:

Path traversal

Root cause: This line https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10 accepts file name from URL input, without sanitizing it to be in the same directory.

PoC:

When \`node-server.js\` is used, an attacker can simply request files outside the serving path

\`curl --path-as-is http://localhost:8888/../../../../../../../../../../../../../../../../../../../../etc/passwd\`

Root cause: Attacker may read any file that the www user can read.

Vulnerable versions:

Right now all versions even latest commit "109903f0e2774cf948698cd95a01f77f33d7dd2c" are vulnerable.

CVE-2023-39141: webui-aria2 CVE-2023-39141

dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y

Skip to content

**Heap-based Buffer Overflow in the makevar() function**

Hi,

I found a **heap buffer overflow write of size 1** in the makevar() function, in dpic.y on dpic 2021.04.10 (commit: d317e406)

Heap buffer overflow issue: for loop in https://gitlab.com/aplevich/dpic/-/blob/master/dpic.y#L5769 as given below:

    void
    makevar(char *s, int ln, double varval)
    {
      nametype *vn, *lastvar, *namptr;
      int j, tstval;
      for (j = 0; j < ln; j++) { chbuf[chbufi + j] = s[j]; }
      ...

And, as per the code, https://gitlab.com/aplevich/dpic/-/blob/master/main.c#L1777

chbuf = malloc (sizeof (chbufarray)); if (chbuf==NULL){ fatal(9); } the sizeof chbufarray of char datatype is: https://gitlab.com/aplevich/dpic/-/blob/master/dpic.h#L78

    typedef Char chbufarray[CHBUFSIZ + 1];

and upper limit of chbuf buffers is CHBUFSIZ which is of 4095 limit so sizeof (chbufarray) becomes 4096 and while running the executable, the value of chbufi can be seen as 4089 for this test file, so it means any value which is greater than 6 will cause heap buffer overflow write in the makevar() function for loop, in this case.

    if ln (second input parameter of makevar()) is 7:
        chbuf[4089 + 6] = s[6];
        chbuf[4095] = s[6];
    
    if ln is greater than 7 like 8 or 9:
        chbuf[4089 + 7] = s[6];
        which is, chbuf[4096] = s[6]; // heap buffer overflow of write 1 byte

And, as per the code: https://gitlab.com/aplevich/dpic/-/blob/master/dpic.y#L5735 as given below, it can be seen as many makevar() function has second input parameter greater than 7

    void
    mkOptionVars(void)
    {
        makevar("dpicopt", 7, drawmode);
        if (safemode) { i = 1; } else { i = 0; }
        makevar("optsafe", 7, i);
        makevar("optMFpic", 8, MFpic);
        makevar("optMpost", 8, MPost);
        makevar("optPDF", 6, PDF);
        makevar("optPGF", 6, PGF);
        makevar("optPict2e", 9, Pict2e);
        makevar("optPS", 5, PS);
        makevar("optPSfrag", 9, PSfrag);
        makevar("optPSTricks", 11, PSTricks);
        makevar("optSVG", 6, SVG);
        makevar("optTeX", 6, TeX);
        makevar("opttTeX", 7, tTeX);
        makevar("optxfig", 7, xfig);
        ...

    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=20.04
    DISTRIB_CODENAME=focal
    DISTRIB_DESCRIPTION="Ubuntu 20.04.2 LTS"

Attaching a reproducer: heap\_bof\_write\_test

the issue can be reproduced by running:

dpic heap_bof_write_test

With ASAN report

    =================================================================
    ==582741==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000001100 at pc 0x000000538ae3 bp 0x7ffead55dc90 sp 0x7ffead55dc88
    WRITE of size 1 at 0x621000001100 thread T0
        #0 0x538ae2 in makevar /home/bsdboy/projects/again/dpic/dpic.y:5769:48
        #1 0x511042 in mkOptionVars /home/bsdboy/projects/again/dpic/dpic.y:5748:5
        #2 0x4de391 in yyparse /home/bsdboy/projects/again/dpic/dpic.y:495:19
        #3 0x4dbcb4 in main /home/bsdboy/projects/again/dpic/main.c:1813:13
        #4 0x7f9a899740b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
        #5 0x41c65d in _start (/home/bsdboy/projects/again/dpic/dpic+0x41c65d)
    
    0x621000001100 is located 0 bytes to the right of 4096-byte region [0x621000000100,0x621000001100)
    allocated by thread T0 here:
        #0 0x4978bd in malloc (/home/bsdboy/projects/again/dpic/dpic+0x4978bd)
        #1 0x4dbb9d in main /home/bsdboy/projects/again/dpic/main.c:1779:11
        #2 0x7f9a899740b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /home/bsdboy/projects/again/dpic/dpic.y:5769:48 in makevar
    Shadow bytes around the buggy address:
      0x0c427fff81d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c427fff81e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c427fff81f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c427fff8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c427fff8210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x0c427fff8220:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c427fff8230: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c427fff8240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c427fff8250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c427fff8260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c427fff8270: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==582741==ABORTING

Edited May 09, 2021 by Neeraj Pal

CVE-2021-33388: Heap-based Buffer Overflow in the makevar() function (#8) · Issues · Dwight Aplevich / dpic · GitLab

dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.

Skip to content

**Heap Use After Free in the deletestringbox() function (different than #7)**

Hi,

While fuzzing dpic 2021.04.10 (commit: d317e406), I found a heap use-after-free in the cmpstring() function, in dpic.y:L5724.

I have already confirmed the previous issue: #7 (closed) and that is already patched but this seems to be similar but not the same with this input test file and in the same deletestringbox() function.

    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=20.04
    DISTRIB_CODENAME=focal
    DISTRIB_DESCRIPTION="Ubuntu 20.04.2 LTS"

Attaching a reproducer: heap-uaf-read-test-deletestringbox

the issue can be reproduced by running:

dpic heap-uaf-read-test-deletestringbox

    =================================================================
    ==3692838==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d000000060 at pc 0x0000005094cf bp 0x7ffdf2d88ed0 sp 0x7ffdf2d88ec8
    READ of size 8 at 0x60d000000060 thread T0
        #0 0x5094ce in deletestringbox /home/bsdboy/projects/again/dpic/dpic.y:5724:19
        #1 0x4fce1a in yyparse /home/bsdboy/projects/again/dpic/dpic.y:2839:4
        #2 0x4d69ac in main /home/bsdboy/projects/again/dpic/main.c:1813:13
        #3 0x7f638b8eb0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
        #4 0x41c3dd in _start (/home/bsdboy/projects/again/dpic/dpic+0x41c3dd)
    
    0x60d000000060 is located 32 bytes inside of 136-byte region [0x60d000000040,0x60d0000000c8)
    freed by thread T0 here:
        #0 0x4973d2 in free (/home/bsdboy/projects/again/dpic/dpic+0x4973d2)
        #1 0x501778 in deletetree /home/bsdboy/projects/again/dpic/dpic.y:3917:12
        #2 0x50989b in deletestringbox /home/bsdboy/projects/again/dpic/dpic.y:5732:3
        #3 0x4fce1a in yyparse /home/bsdboy/projects/again/dpic/dpic.y:2839:4
        #4 0x4d69ac in main /home/bsdboy/projects/again/dpic/main.c:1813:13
        #5 0x7f638b8eb0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    
    previously allocated by thread T0 here:
        #0 0x49763d in malloc (/home/bsdboy/projects/again/dpic/dpic+0x49763d)
        #1 0x507b27 in newprim /home/bsdboy/projects/again/dpic/dpic.y:4984:13
        #2 0x4deb1a in yyparse /home/bsdboy/projects/again/dpic/dpic.y:892:19
        #3 0x4d69ac in main /home/bsdboy/projects/again/dpic/main.c:1813:13
        #4 0x7f638b8eb0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    
    SUMMARY: AddressSanitizer: heap-use-after-free /home/bsdboy/projects/again/dpic/dpic.y:5724:19 in deletestringbox
    Shadow bytes around the buggy address:
      0x0c1a7fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c1a7fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c1a7fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c1a7fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x0c1a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x0c1a7fff8000: fa fa fa fa fa fa fa fa fd fd fd fd[fd]fd fd fd
      0x0c1a7fff8010: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
      0x0c1a7fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c1a7fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c1a7fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x0c1a7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==3692838==ABORTING

CVE-2021-33390: Heap Use After Free in the deletestringbox() function (different than #7) (#10) · Issues · Dwight Aplevich / dpic · GitLab

A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 2.9k

*   Code
*   Issues 811
*   Pull requests 31
*   Discussions
*   Actions
*   Projects 27
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

Fix oobread crash in RAnal.hexagon (tests\_64900) ##crash

Reported by giantbranch of NSFOCUS TIANJI Lab

*   Loading branch information

Showing **1 changed file** with **4 additions** and **1 deletion**.

5 changes: 4 additions & 1 deletion libr/anal/p/anal\_hexagon.c

Expand Up

@@ -10,8 +10,11 @@

#include "hexagon\_anal.h"

  

static int hexagon\_v6\_op(RAnal \*anal, RAnalOp \*op, ut64 addr, const ut8 \*buf, int len, RAnalOpMask mask) {

HexInsn hi \= {0};;

HexInsn hi \= {0};

ut32 data \= 0;

if (len < 4) {

return 0;

}

data \= r\_read\_le32 (buf);

int size \= hexagon\_disasm\_instruction (data, &hi, (ut32) addr);

op\->size \= size;

Expand Down

**0 comments on commit 027cd9b**

Please sign in to comment.

CVE-2022-28072: Fix oobread crash in RAnal.hexagon (tests_64900) ##crash · radareorg/radare2@027cd9b

A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

*   Notifications
*   Fork 2.9k

*   Code
*   Issues 811
*   Pull requests 31
*   Discussions
*   Actions
*   Projects 27
*   Security
*   Insights

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

Fix oobread in VAX disassembler (tests\_64920) ##crash

Reported by giantbranch of NSFOCUS TIANJI Lab

*   Loading branch information

Showing **1 changed file** with **1 addition** and **1 deletion**.

2 changes: 1 addition & 1 deletion libr/anal/p/anal\_vax.c

Expand Up

@@ -150,7 +150,7 @@ static int vax\_op(RAnal \*anal, RAnalOp \*op, ut64 addr, const ut8 \*buf, int len,

case 0xfb: // calls

op\->type \= R\_ANAL\_OP\_TYPE\_CALL;

op\->size \= 7;

{

if (len \> 6) {

int oa \= 3;

ut32 delta \= buf\[oa\];

delta |= (ut32)(buf\[oa + 1\]) << 8;

Expand Down

**0 comments on commit 49b0ceb**

Please sign in to comment.

CVE-2022-28069: Fix oobread in VAX disassembler (tests_64920) ##crash · radareorg/radare2@49b0ceb

dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.

Skip to content

GitLab

*   *   GitLab: the DevOps platform
    *   Explore GitLab
    *   Install GitLab
    *   How GitLab compares
    *   Get started
    *   GitLab docs
    *   GitLab Learn
    
*   Pricing
*   Talk to an expert

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    *   Switch to GitLab Next
    
*   *   
    
    Projects Groups Topics Snippets
    
*   Register
*   Sign in

*   Dwight Aplevich
*   dpic
*   Commits
*   d317e406

**Commit d317e406** authored Apr 10, 2021 by  **Dwight Aplevich**

Browse files

**Improved robustness to fuzzed input**

parent 68ab9432

*   Changes 33

Expand all Hide whitespace changes

Inline Side-by-side

*   Neeraj Pal @bsdb0y
    
    mentioned in issue #8 (closed)
    
    · May 09, 2021
    
    mentioned in issue #8 (closed)
    
    mentioned in issue #8
    
    Toggle commit list
    
*   Neeraj Pal @bsdb0y
    
    mentioned in issue #9 (closed)
    
    · May 09, 2021
    
    mentioned in issue #9 (closed)
    
    mentioned in issue #9
    
    Toggle commit list
    
*   Neeraj Pal @bsdb0y
    
    mentioned in issue #10 (closed)
    
    · May 09, 2021
    
    mentioned in issue #10 (closed)
    
    mentioned in issue #10
    
    Toggle commit list
    
*   Neeraj Pal @bsdb0y
    
    mentioned in issue #11 (closed)
    
    · May 09, 2021
    
    mentioned in issue #11 (closed)
    
    mentioned in issue #11
    
    Toggle commit list
    

0% or .

You are about to add **0 people** to the discussion. Proceed with caution.

Finish editing this message first!

Please register or sign in to comment

CVE-2021-32422: Improved robustness to fuzzed input (d317e406) · Commits · Dwight Aplevich / dpic · GitLab

A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.

Expand Up @@ -4766,7 +4766,7 @@ void cmd\_anal\_reg(RCore \*core, const char \*str) { int size \= 0, i, type \= R\_REG\_TYPE\_GPR; int bits \= (core\->anal\->bits & R\_SYS\_BITS\_64)? 64: 32; int use\_colors \= r\_config\_get\_i (core\->config, "scr.color"); RRegItem \*r; RRegItem \*r \= NULL; const char \*use\_color; const char \*name; char \*arg; Expand Down Expand Up @@ -5098,6 +5098,7 @@ void cmd\_anal\_reg(RCore \*core, const char \*str) { arg \= strchr (str + 1, '='); if (arg) { \*arg \= 0; ut64 n \= r\_num\_math (core\->num, arg + 1); char \*ostr \= r\_str\_trim\_dup (str + 1); char \*regname \= r\_str\_trim\_nc (ostr); r \= r\_reg\_get (core\->dbg\->reg, regname, \-1); Expand All @@ -5113,8 +5114,7 @@ void cmd\_anal\_reg(RCore \*core, const char \*str) { if (r) { //eprintf ("%s 0x%08"PFMT64x" -> ", str, // r\_reg\_get\_value (core->dbg->reg, r)); r\_reg\_set\_value (core\->dbg\->reg, r, r\_num\_math (core\->num, arg + 1)); r\_reg\_set\_value (core\->dbg\->reg, r, n); r\_debug\_reg\_sync (core\->dbg, R\_REG\_TYPE\_ALL, true); //eprintf ("0x%08"PFMT64x"\\n", // r\_reg\_get\_value (core->dbg->reg, r)); Expand Down

CVE-2022-28073: Fix uaf crash in aaft (tests_64927) ##crash · radareorg/radare2@59a9dfb

A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.

Expand Up

@@ -504,11 +504,12 @@ R\_API void r\_core\_anal\_type\_match(RCore \*core, RAnalFunction \*fcn) {

char prev\_type\[256\] \= {0};

const char \*prev\_dest \= NULL;

char \*ret\_reg \= NULL;

const char \*pc \= r\_reg\_get\_name (core\->dbg\->reg, R\_REG\_NAME\_PC);

if (!pc) {

free (buf);

const char \*\_pc \= r\_reg\_get\_name (core\->dbg\->reg, R\_REG\_NAME\_PC);

if (!\_pc) {

free (buf);

return;

}

char \*pc \= strdup (\_pc);

RRegItem \*r \= r\_reg\_get (core\->dbg\->reg, pc, \-1);

if (!r) {

free (buf);

Expand Down Expand Up

@@ -778,4 +779,5 @@ R\_API void r\_core\_anal\_type\_match(RCore \*core, RAnalFunction \*fcn) {

free (buf);

r\_cons\_break\_pop();

anal\_emul\_restore (core, hc, dt, et);

free (pc);

}

CVE-2022-28071: Fix UAF in aaft (tests_64923) ##crash · radareorg/radare2@6544881

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go

fix(pkg/ioutil):avoid panic in PageWriter.Write() when pageBytes is 0

fix(pkg/ioutil): Trigger a panic when pageBytes is illegal in NewPateWriter

update(Test pkg/ioutil):Update TestPageWriterPageBytes

migrate e2e & integration role\_test to common

tests: Migrate Txn tests to common functional test framework

provide a generic assert function

server: Director can be stopped

Goroutine for new directors would live past director scope. Tests
could occassionally fail if this goroutine had log events after
test execution should have ended.

server: Add director interrupt handler

Director's goroutine would not be properly stopped in a non-test
scenario. Handler stops it when process is interrupted.

server: Move director interrupt handler to method

server: Don't register director interrupt handler

remove v2 http proxy in 3.6

tests: Extract cluster test cases

tests: Refactor spawn json command

hide the revision field when it isn't populated

tests: Make common framework context aware

Documentation: Publish v3.5 data inconsistency postmortem

scripts: Avoid additional repo clone

This PR removes additional clone when building artifacts.

When releasing v3.5.4 this clone was main cause of issues and
confusion about what release script is doing.

release.sh script already clones repo in /tmp/ directory, so clonning
before build is not needed. As precautions for bug in script leaving
/tmp/ clone in bad state  I moved "Verify the latest commit has the
version tag" and added "Verify the clean working tree" to be always run
before build.

scripts: Detect staged files before building release

fix a typo: print the correct error info

Governance: Use lazy consensus when needed to make decision

In lack of supermajority, we sometimes required to hold on to
important decisions for long time. In order to speed up, after
giving enough time for supermajority, use lazy consensus.

Encapsulation of applier logic: Move Txn related code out of applier.go.

The PR removes calls to applierV3base logic from server.go that is NOT part of 'application'.
The original idea was that read-only transaction and Range call shared logic with Apply,
so they can call appliers directly (but bypassing all 'corrupt', 'quota' and 'auth' wrappers).

This PR moves all the logic to a separate file (that later can become package on its own).

Encapsulating applier logic: UberApplier coordinates all appliers for server

This PR:
 - moves wrapping of appliers (due to Alarms) out of server.go into uber\_applier.go
 - clearly devides the application logic into: chain of:
     a) 'WrapApply' (generic logic across all the methods)
     b) dispatcher (translation of Apply into specific method like 'Put')
     c) chain of 'wrappers' of the specific methods (like Put).
 - when we do recovery (restore from snapshot) we create new instance of appliers.

The purpose is to make sure we control all the depencies of the apply process, i.e.
we can supply e.g. special instance of 'backend' to the application logic.

Marge applierV3Internal into applierV3 interface

Rename EtcdServer.Id with EtcdServer.MemberId.

It was misleading and error prone vs. ClusterId.

Applier does not depend on EtcdServer any longer.

All the depencies are explicily passed to the UberApplier factory method.

Move server/etcdserver/txn.go to new package: server/etcdserver/txn

Move etcdserver/errors.go to sepatate package to avoid cyclic dependencies.

Move apply to its own package (no dependency on etcdserver).

Apply encapsulation: Cleanup metrics reporting.

Side effect: applySec(0.4s) used to be reported as 0s, now it's correctly 0.4s.

Simplify imports and improve comments.

Move CheckTxnAuth to txn.

Rename package alising "apply2" -> apply.

Rename etcdserver/etcderrors package to etcdserver/errors.

expose UberApplier as interface (not as implementation struct).

Rename the txn, so as not to be the same as the package name.

Fixing missing comment on the dispatch() function.

Rename WrapApply to Apply.

Remove unused code and apply code-quality suggestions.

use go install instead of go get

feat(pkg/ioutil): verify.Assert is introduced into NewPageWritter

add etcd tool binaries into .gitignore

CVE-2022-34038: fix(pkg/ioutil):avoid panic in PageWriter.Write() when pageBytes is 0 by secsys-go · Pull Request #14022 · etcd-io/etcd

Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**Nagios-XI-Reflected-XSS**

A reflected cross-site scripting (XSS) in Nagios XI 5.7.1 can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

**PoC**

To exploit vulnerability, someone could use a GET request to 'http://\[server\]/includes/components/ccm/' by manipulating 'returnUrl' parameter in the request body to impact users who open a maliciously crafted link or third-party web page.

    http://[server]/includes/components/ccm/?cmd=modify&id=1&page=1&returnUrl=%22%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&type=host

CVE-2020-23992: GitHub - EmreOvunc/Nagios-XI-Reflected-XSS: A reflected cross-site scripting (XSS) in Nagios XI 5.7.1 can result in an attacker performing malicious actions to users who open a maliciously crafted lin

Tag

#git