#js

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules.

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

### Impact An attacker can send an invalid `Content-Type` header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected. (This was updated: upon a close inspection, v3.x is not affected after all). ### Patches Yes, update to `> v4.8.0`. ### Workarounds You can reject the malicious content types before the body parser enters in action. ```js const badNames = Object.getOwnPropertyNames({}.__proto__) fastify.addHook('onRequest', async (req, reply) => { for (const badName of badNames) { if (req.headers['content-type'].indexOf(badName) > -1) { reply.code(415) throw new Error('Content type not supported') } } }) ``` ### References See the HackerOne report [#1715536](https://hackerone.com/bugs?report_id=1715536&subject=fastify) ### For more information [Fastify security policy](https://github.com/fastify/fastify/security/policy)

An update is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The

An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41816: ruby: buffer overflow in CGI.escape_html * CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods * CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

An update for rh-ruby30-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41816: ruby: buffer overflow in CGI.escape_html * CVE-2021-41817: ruby: Regular expression denial of service vulnerability of Date parsing methods * CVE-2021-41819: ruby: Cookie prefix spoofing in CGI::Cookie.parse * CVE-2022-28738: Ruby: Double free in Regexp compilation * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable.

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed in commit `fbb07e8d` and will be included in release version 4.8.1. Users are advised to upgrade. Users unable to upgrade may manually filter out http content with malicious Content-Type headers.