#js

Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.

Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.

### Impact In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the "Run Script" operation in flows being able to escape the sandbox running code in the main nodejs context. ### Patches Patched in v10.6.0 by replacing `vm2` with `isolated-vm` ### Workarounds None ### References https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

Ubuntu Security Notice 6370-1 - It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ModSecurity incorrectly handled certain HTTP multipart requests. A remote attacker could possibly use this issue to bypass ModSecurity restrictions.

Italia Mediasky CMS version 2.0 suffers from a cross site request forgery vulnerability.

Chrome suffers from a read-only property overwrite in TurboFan.

Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35941: A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check. * CVE-2023-35944: A flaw was found in Envoy that allows for mixed-case sche...

Red Hat OpenShift Service Mesh Containers for 2.4.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35942: A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. This issue can be triggered by a listener discovery service (LDS) update with the same gRPC access log configuration.

### Impact An attacker could crash the server by sending malformed JWT JSON in `LoginPacket` due to a security vulnerability in [`netresearch/jsonmapper`](https://github.com/cweiske/JsonMapper), due to accepting `NULL` values in arrays whose types do not expect `NULL`. ### Patches This problem was fixed in 5.3.1 and 4.23.1 by updating JsonMapper to include the following commit: pmmp/netresearch-jsonmapper@4f90e8dab1c9df331fad7d3d89823404e882668c ### Workarounds A plugin may handle `DataPacketReceiveEvent` for `LoginPacket` and check that none of the input arrays contain `NULL` where it's not expected, but this is rather cumbersome.