Security Headlines

Tag: #git
GHSA-56fm-hfp3-x3w3: Wallabag user can disable 2FA unintentionally

## Impact

wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability which allows attackers to arbitrarily disable 2FA through `/config/otp/app/disable` and `/config/otp/email/disable`. This vulnerability has a CVSSv3.1 score of 4.3.

**You should upgrade your instance to version 2.6.7 or higher.**

## Resolution

These endpoints now require the POST method.

## Credits

We would like to thank @dhina016 for reporting this issue through huntr.dev.

Reference: https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/

Tags: ghsa, #csrf, #vulnerability, #git
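The mechanism behind the wallabag advisory, as an added example (not wallabag's code): a state-changing endpoint reachable by GET can be triggered by any page the victim visits, because the browser attaches the session cookie to cross-site requests. The `Request`/`Session` objects, the `PHPSESSID` cookie and the `_token` form field are constructed stand-ins for a web framework; the advisory's fix is the POST requirement, and the token check in the hardened handler is an assumption about what a complete fix also needs, since a cross-site page can still auto-submit a POST form.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str]                      # attached by the browser even on cross-site requests
    form: Dict[str, str] = field(default_factory=dict)


@dataclass
class Session:
    user: str
    otp_enabled: bool = True
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


DISABLE_PATHS = {"/config/otp/app/disable", "/config/otp/email/disable"}


def vulnerable_disable_otp(req: Request, session: Session) -> str:
    """Pre-2.6.7 behaviour as the advisory describes it: any request to the
    path flips the flag, so a GET triggered by an <img> or link on an
    attacker's page (victim's session cookie attached) is enough."""
    if req.path in DISABLE_PATHS:
        session.otp_enabled = False
        return "disabled"
    return "noop"


def hardened_disable_otp(req: Request, session: Session) -> str:
    if req.path not in DISABLE_PATHS:
        return "noop"
    # 1. Require POST (the advisory's fix): an <img>, <script> or plain link
    #    can only produce a GET.
    if req.method != "POST":
        return "405 method not allowed"
    # 2. Assumed addition: require a per-session token in the body (hidden
    #    field "_token"). A cross-site page can auto-submit a POST form, but
    #    cannot read the victim's token, so this is what stops the POST variant.
    supplied = req.form.get("_token", "")
    if not secrets.compare_digest(supplied, session.csrf_token):
        return "403 invalid csrf token"
    session.otp_enabled = False
    return "disabled"


Handler = Callable[[Request, Session], str]


def attacker_can_disable_2fa(handler: Handler) -> bool:
    """Replay the two requests an attacker's page can make the victim's
    browser send (cookie attached, token unknown). True if either one
    switched 2FA off."""
    victim_cookies = {"PHPSESSID": "victim-session"}   # constructed cookie
    forged = [
        Request("GET", "/config/otp/app/disable", victim_cookies),
        Request("POST", "/config/otp/email/disable", victim_cookies, {"_token": "guess"}),
    ]
    for req in forged:
        victim = Session(user="alice")
        handler(req, victim)
        if not victim.otp_enabled:
            return True
    return False


def user_can_disable_2fa(handler: Handler) -> bool:
    """Legitimate flow: the settings page rendered for this session carries
    the real token in a hidden field and POSTs it back."""
    session = Session(user="alice")
    req = Request("POST", "/config/otp/email/disable", {"PHPSESSID": "s"},
                  {"_token": session.csrf_token})
    handler(req, session)
    return not session.otp_enabled
```

`attacker_can_disable_2fa(vulnerable_disable_otp)` returns True via the plain GET; against `hardened_disable_otp` both forged requests are rejected while the legitimate POST with the session's token still succeeds. A `SameSite=Lax` session cookie would independently stop the GET variant, but not a top-level navigation, so the server-side checks are still needed.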
GHSA-j9gq-w73w-9h6c: pretix potential IP address spoofing vulnerability

An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.
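How X-Forwarded-For should be resolved, as an added example (not pretix's code): the header is only meaningful when the TCP peer is a proxy the operator has explicitly configured as trusted, and even then it must be walked from the right, because the leftmost entries are whatever the client wrote. The trusted-proxy list, addresses and header values below are constructed.

```python
import ipaddress
from typing import List, Optional


def naive_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """The bug pattern: honour X-Forwarded-For whenever it is present and
    take its leftmost entry, which is whatever the client chose to send."""
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip(remote_addr: str, xff: Optional[str], trusted_proxies: List[str]) -> str:
    """Derive the client address from the TCP peer and X-Forwarded-For.

    Each proxy appends the address it saw, so the chain reads
    client, proxy1, proxy2, ... (the final proxy is the TCP peer and is not
    listed). Walk it from the right, discarding hops that are proxies we
    trust; the first hop that is not one of ours is the real client. If no
    proxies are configured, or the peer is not one of them, the header is
    user-controlled data and is ignored entirely.
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def parse(addr: str):
        try:
            return ipaddress.ip_address(addr.strip())
        except ValueError:
            return None

    def is_trusted(addr: str) -> bool:
        ip = parse(addr)
        return ip is not None and any(ip in net for net in trusted)

    if not trusted or not xff or not is_trusted(remote_addr):
        return remote_addr

    for hop in reversed([h for h in xff.split(",") if h.strip()]):
        if is_trusted(hop):
            continue                      # one of our own proxies, keep walking
        ip = parse(hop)
        return str(ip) if ip is not None else remote_addr   # garbage: don't trust it
    return remote_addr                    # every hop was ours: the peer is the client
```

With no trusted proxies configured, `client_ip` returns the socket peer and the header is ignored, which is the behaviour the pretix fix restores; the naive version lets any client pick the address that ends up in logs, rate limits and audit trails.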

CVE-2023-43361: GitHub - xiph/vorbis-tools: Command-line tools for creating and playing Ogg Vorbis files.

A buffer overflow in vorbis-tools v1.4.2 allows a local attacker to execute arbitrary code or cause a denial of service during the conversion of WAV files to Ogg files.

CVE-2023-43268: GitHub - Fliggyaaa/DeYue-remote-vehicle-management-system

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.

CVE-2023-44008: Vulnerability-Disclosures/2023/CVE-2023-44008 at main · Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.

CVE-2023-43297: CVE-reports/CVE-2023-43297.md at main · syz913/CVE-reports

An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

GHSA-8fxr-qfr9-p34w: TorchServe Server-Side Request Forgery vulnerability

## Impact

**Remote Server-Side Request Forgery (SSRF)**

**Issue**: TorchServe's default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions `0.1.0` to `0.8.1`.

**Mitigation**: The user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the [allowed_urls](https://github.com/pytorch/serve/blob/b3eced56b4d9d5d3b8597aa506a0bcf954d291bc/docs/configuration.md?plain=1#L296) and specifying the model URL to be used. A pull request to warn the user when the default value for `allowed_urls` is used has been merged - https://github.com/pytorch/serve/pull/2534. TorchServe release `0.8.2` includes this change.

## Patches

TorchServe release 0.8.2 includes fixes to address the previou...
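What an `allowed_urls` check has to do, as an added example (not TorchServe's code): TorchServe documents `allowed_urls` as a comma-separated list of regular expressions for model source URLs, with a default that is assumed here to be `file://.*|http(s)?://.*`, i.e. any reachable URL, which is why the advisory puts the burden on the operator to restrict it. The `models.example.org` host is constructed; the functions below are a stand-in for the server-side check and go slightly beyond a regex match by also comparing the parsed hostname, because a loosely written pattern matches lookalike hosts.

```python
import re
from urllib.parse import urlsplit

# Documented default (assumed here): effectively "any file:// or http(s):// URL".
DEFAULT_ALLOWED_URLS = "file://.*|http(s)?://.*"
# The kind of restrictive value an operator should set; the host is constructed.
RESTRICTED_ALLOWED_URLS = "https://models.example.org/.*"


def url_allowed(url: str, allowed_urls: str) -> bool:
    """Accept the model URL only if it is a remote http(s) URL and the whole
    string matches one of the comma-separated patterns (fullmatch, so a
    pattern cannot be satisfied by a prefix). file:// is never accepted here,
    even where the pattern would allow it."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    for pattern in allowed_urls.split(","):
        pattern = pattern.strip()
        if pattern and re.fullmatch(pattern, url):
            return True
    return False


def host_allowed(url: str, allowed_hosts: set) -> bool:
    """Belt-and-braces check on the parsed hostname: a regex with a loose
    ending (e.g. missing the trailing '/') matches lookalike hosts such as
    models.example.org.evil.test, and an explicit host list does not."""
    host = urlsplit(url).hostname
    return host is not None and host.lower() in allowed_hosts


def vet_model_url(url: str, allowed_urls: str, allowed_hosts: set) -> bool:
    """Both checks must pass before the server fetches anything."""
    return url_allowed(url, allowed_urls) and host_allowed(url, allowed_hosts)
```

With the permissive default, a request to register a model from `http://169.254.169.254/latest/meta-data/` passes the regex, which is the SSRF the advisory describes (the server fetches it and writes the response into its model store); the restricted pattern rejects it. The lookalike-host case shows why the regex ending matters, and why pinning the parsed hostname is cheap insurance.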

GHSA-4mqg-h5jf-j9m7: TorchServe Pre-Auth Remote Code Execution

## Impact

**Use of Open Source Library potentially exposed to RCE**

**Issue**: Use of a version of the SnakeYAML `v1.31` open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target system. This issue is present in versions `0.3.0` to `0.8.1`.

**Mitigation**: A pull request to address this issue has been merged - https://github.com/pytorch/serve/pull/2523. TorchServe release `0.8.2` includes this fix.

## Patches

TorchServe release 0.8.2 includes fixes to address the previously listed issue: https://github.com/pytorch/serve/releases/tag/v0.8.2

**Tags for upgraded DLC release**

Users can use the following new image tags to pull DLCs that ship with patched TorchServe version 0.8.2:

x86 GPU
* v1.9-pt-ec2-2.0.1-inf-gpu-py310
* v1.8-pt-sagemaker-2.0.1-inf-gpu-py310

x86 CPU
* v1.8-pt-ec2-2.0.1-inf-cpu-py310
* v1.7-pt-sagemaker-2.0.1-inf-cpu-py310

G...

CVE-2023-5344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2023-43890: CVE/netis_N3/command injection bypass filter.md at main · adhikara13/CVE

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. The vulnerability is exploitable via a crafted HTTP request.