#js

Red Hat Security Advisory 2024-1882-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1881-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1880-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include denial of service and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-1878-03 - An updated version of Red Hat Update Infrastructure is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Issues addressed include HTTP request smuggling, crlf injection, denial of service, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1877-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1876-03 - An update for shim is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

### Summary A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications. ### Details ``` emit(context: Context, target: T) { const node = traverseAndCreate(context.controller, this.segments); node[this.lastSegment] = target; this.addListeners(target, node, this.lastSegment); } ``` The emit() function in src/templates/templates.ts is called without sanitizing the variable `this.lastSegment `. The variable `this.lastSegment ` can be set to `__proto__`, and this will pollute the prototype of Javascipt Object (`node['__proto__'] = target`). ### PoC To reproduce this vulnerability, you can adjust the test case `ignores DOM mutations in components\' create()` in `test/dom/ComponentHarness.mocha.js`. ``` it('ignores DOM mutations in components\' ...

# Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 ,and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A use-after-free vulnerability exists in WPF which may result in Elevation of Privilege when viewing untrusted documents. This is a Windows only vulnerability. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/303 ## <a name="mitigation-factors"></a>Mitigation factors This vulnerability affects only WPF-based applications. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 6.0.28 or earlier. * Any .NET 7.0 application running on .NET 7.0.17 or earlier. * Any .NET 8.0 application running on .N...

Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability.