The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2022-33

CVSSv3 Base / Temporal Score

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Delta Electronics DIAEnergie v1.9

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Thank You**

Thank you for your interest in Tenable.ot. A representative will be in touch soon.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

**Contact a Sales Rep to Buy Tenable.cs**

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**Thank You**

Thank you for your interest in Tenable One. A representative will be in touch soon.

**See Tenable.asm In Action**

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable.asm. A representative will be in touch soon.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

CVE-2022-43775: Delta Electronics DIAEnergie Multiple Vulnerabilities

A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2022-3671: CVE_demo/eLearning System-SQL injections.md at main · anx0ing/CVE_demo

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.

**UX/UI Improvements**

*   Added support for streaming file uploads directly to S3 storage disks via the stream_uploads option on the disk configuration. Requires the Winter.DriverAWS plugin.
*   Added support for the data-request-parent attribute to the AJAX framework, allowing AJAX requests to include the data from the elements that spawned them which allows for highly complex workflows where popups spawn popups and then those popups need to call their own AJAX handlers but the page previously didn't know to initialize them without their parent data being present. This fixes support of the RecordFinder inside of popups like the RelationController's update & pivot forms as well as the FileUpload's description form popup inside of other popups.
*   Switched the winter:up / migrate commands to use the new Laravel CLI components for improved output formatting.
*   Added support for type: range Form fields.
*   Added support for the conditions property on List Columns with a relationship defined via the relation property.
*   Added support for changing an image's extension / file type when using the ImageResizer to resize the image.
*   Added support for ignoring specific Mix packages to avoid including third-party Mix packages in your application's package.json unnecessarily.
*   Clicking the label of a switch field will now toggle the switch.
*   Increased the width of the crop dimension inputs when cropping or resizing an image in the Media widget.
*   Standard HTML flash messages that are converted to JavaScript flash messages through Snowboard are now removed once converted, to prevent the original message from remaining even after the flash message is dismissed.
*   The autogenerated password for the default administrator account is now displayed in the winter:install command output and can be changed through the wizard.
*   Documented app.tempPath configuration option.
*   Added winter:password as an alias for winter:passwd.
*   Minor CSS improvements.

**API Changes**

*   Removed the default maxlength of 255 from type: text Form fields.
*   The twig.environment.cms Twig environment is no longer provided as a singleton, instead being generated on each request to App::make(). This helps to avoid conflicts when calling the CMS controller multiple times in the same request.
*   Deprecated the Winter\Storm\Database\Behaviors\Purgeable behavior as the Purgeable trait is now included by default on all Winter models.
*   Added the backend.formwidgets.fileupload.onUpload event to allow for custom handling of file uploads in the FileUpload FormWidget.
*   Added the backend.widgets.uploadable.onUpload event to allow for custom handling of file uploads in the widgets that implement the Backend\Traits\UploadableWidget trait.
*   Added the formwidgets.fileupload.initUploader Snowboard global JS event to allow for interacting with the FileUpload's JS uploader instance.
*   Added the formwidgets.richeditor.init Snowboard global JS event to allow for interacting with the RichEditor's JS editor instance.
*   Added the widgets.mediamanager.initUploader Snowboard global JS event to allow for interacting with the MediaManager's JS uploader instance.
*   Switched visibility of getRelationModel() from protected to public on the Backend\Traits\FormModelWidget trait.
*   Switched visibility of getOptionsFromModel() from protected to public on the Backend\Widgets\Form widget.
*   Added the following methods to the Backend\Traits\UploadableWidget trait to make it easier to customize upload behaviour:
    *   uploadableGetDisk()
    *   uploadableGetUploadPath()
    *   uploadableGetUploadUrl()
*   Added the following model relation events:
    *   model.relation.beforeAdd($relationName, $relatedModel)
    *   model.relation.afterAdd($relationName, $relatedModel)
    *   model.relation.beforeRemove($relationName, $relatedModel)
    *   model.relation.afterRemove($relationName, $relatedModel)
    *   model.relation.beforeAssociate($relationName, $relatedModel)
    *   model.relation.afterAssociate($relationName, $relatedModel)
    *   model.relation.beforeDisassociate($relationName)
    *   model.relation.afterDisassociate($relationName)
*   A new mix:run Artisan command has been added to allow scripts defined in the package.json file of a Mix package to be run easily through the CLI. You can find the documentation here.
*   The AJAX framework and Snowboard framework now both enforce either a class name dot (.) or an ID hash (#) to be prefixed to any partials that are to be updated in an AJAX response. This includes any mapped selectors.
*   Snowboard JavaScript AJAX requests now accept two or three parameters, similar to the old framework. When using two parameters, the user only needs to specify the handler and options - it is assumed in this case that the AJAX requests is detached and not tied to an element.
*   Added Winter\Storm\Database\Traits\HasSortableRelations trait to make it easier to sort related records on a model.
*   Added support for ** as a wildcard when setting the application's trusted proxies. This was originally supported in fideloper/trustedProxy but was removed without explanation in Laravel 5.6. * will trust the currently requesting IP address, ** will trust all proxies in a chain of proxies (often required if you are behind something like CloudFront and another proxy). This was required for retrieving the correct Client IP address when using Laravel Vapor.
*   Properties added to Model instances via addDynamicProperty() are now automatically added as purgeable attributes to prevent them from being saved to the database.
*   Added the Arr::moveKeyToIndex($array, $targetKey, $index) helper method to make it easier to move a specific array element to the specified index.
*   Added the Str::unique($str, $items, $separator, $step) helper method that ensures the provided string will be unique when compared to the provided array by adjusting the string with the separator & step as necessary. Useful for filename deplication or other deduplication of unique references.
*   Added the Str::join($items, $glue, $lastGlue, $dyadicGlue) helper method to join an array of items with a glue string, optionally using a different glue string for the last item and for the dyadic item case (only two items). By default this applies the "Oxford / Serial Comma" gramatical construct when listing items.
*   Added the fromStorage() helper method to the Winter\Storm\Database\Attach\File model class in order to create a new file record from a file path that already exists on the file model's storage disk.
*   Added new Winter\Storm\Console\Traits\HandlesCleanup trait to the base Winter Command class that makes it easier to implement cross-platform cleanup logic on your CLI commands when process termination signals are received.
*   Added support for root level paths in the Halcyon DbDatasource, required for Child Theme support.
*   Added support for exit codes in mix:compile. Also added support for the --silent, --stop-on-error, and --manifest flags.

**Bug Fixes**

*   The winter:test command now automatically uses the correct bootstrap file for unit testing, irrespective of the bootstrap configuration in any plugin or module's phpunit.xml file, to assist users migrating their unit tests to Winter 1.2.
*   Fixed issue where plugins weren't being correctly sorted by their dependencies when depending on a plugin that registers itself as a replacement which could cause migrations to run in the incorrect order.
*   Fixed typo in the MediaManager widget that was preventing SVGs from displaying their previews in the sidebar.
*   Fixed issue when attempting to generate a TailwindCSS theme scaffold on a case sensitive file system.
*   Fixed mismatching method signature on AutoDatasource->lastModified() that could cause issues when using DatabaseTemplates in v1.2.
*   Fixed issue where MorphedByMany relationships would use the wrong class name when building queries.
*   Removed an override to the Input::all() facade method, which prevented files from being included in the result, breaking previous behaviour.
*   Removed an extra 0 that was left over in numberrange filter partials.
*   Fixed an issue where only the last component would be saved in a CMS template due to the framework not correctly processing arrayed POST data.
*   Fixed an issue with the winter:fresh command where the demo plugin was not removed and an error message was shown.
*   The Array Source trait will no longer attempt to save a temporary SQLite DB if storage is disabled via setting $cacheArray to false.
*   Fixed an issue where custom AJAX error responses were being mangled by the Snowboard Request class, before sending off to the error handlers. If an error does not appear to be a PHP exception with an exception class and message, it will now pass through the response untouched (but still be considered an error response).
*   Fixed an issue where the File model's fromUrl() method would not correctly determine the file's mimeType if the file was delivered with a Content-Type header that was incorrectly capitalized.
*   Fixed an issue where migrations using anonymous classes could not be run more than once in a single process.
*   Fixed support for the Laravel ClassName@method syntax for event listeners.
*   Fixed issue where custom pivot models were not being used when using the attach method on a BelongsToMany relationship.
*   Fixed support for queueing emails (was broken by a change in Laravel 7 that was missed in the Winter v1.2 upgrade).
*   Fixed support for hidden files in Zip folders on systems without support for GLOB\_BRACE (Solaris, Alpine Linux, etc).
*   Fixed issue that occurred when attempting to dynamically add HasOneThrough|HasManyThrough relations to models.
*   Improved support for Winter < v1.2 mail configurations.
*   Fixed breaking change in Laravel 9.36 with the Winter\Storm\Console\Command's alert() method.
*   Fixed issue with identifying currently installed versions of plugins when the versions reported by the filesystem do not match exactly (i.e. with or without the "v" prefix) the versions reported by the database.
*   Fixed issue where Snowboard assets loaded via the {% snowboard %} Twig tag were not taking into account the configured app.asset_url of the application.
*   Fixed issue where the Status backend Dashboard Widget would break on clean installs.
*   Improved the reliability of the System's first boot date by storing it as a system parameter instead of relying on the oldest present plugin.
*   Fixed an issue where migrations were not ran if a notes output instance is not available to the migrator.
*   Fixed an issue where attempting to crop images with unsafe characters in their path would fail.
*   Fixed support for Winter Mix commands on Windows.
*   Fixed an issue where attempting to crop / resize images that were bigger than the viewport window would fail when using the TailwindUI backend skin.
*   Fixed issue when attempting to preview a CSV column with the ImportExportController behavior.
*   Fixed issue where the codeeditor and richeditor fields were not properly triggering change events when their contents were changed.
*   Fixed issue where custom error messages sent via AJAX and processed by Snowboard would not be properly handled.
*   Fixed issue where the jobs / failed_jobs table structure did not match that of Laravel 9.

**Security Improvements**

*   Prototype hardening has been implemented on the Snowboard framework to prevent prototype pollution. You may read the security advisory for more information.
*   Fixed issue where the AuthManager's persistence cookie was not respecting the configuration values set in config/session.php.
*   Added a new Svg helper class to make it easier to work with SVG files. Currently one method (extract()) is availabel which sanitizes and optionally minifies the provided SVG file making it safer to deal with.
*   Added migrate to the list of commands that require plugins to have the $elevated property set in order to run when the command is being run.

**Translation Improvements**

*   Fixed a misnamed language string for the custom editor HTML styles input.
*   Improved German translation.
*   Improved Vietanamese translation.
*   Improved Ukrainian translation.
*   Improved Russian translation.

**Performance Improvements**

*   Slightly optimised searching for used slugs with models using the Sluggable trait by runnning an "exists" query as opposed to a "count" query.

**Community Improvements**

*   The Winter CMS module sub-split is now automated, ensuring that the module repositories are now automatically updated with the latest changes as soon as they are committed to the main repository.
*   The base System\Tests\Bootstrap\PluginTestCase class has been signficantly refactored to improve testing in plugins. While it is mostly backwards-compatible, the method runPluginRefreshCommand is now deprecated and will be removed in the Winter CMS 1.3 branch. Please use the instantiatePlugin method instead if you have overridden the core plugin test case methods.

**Dependencies**

*   Moved the Laravel configuration file writing functionality out of the Winter\Storm library and into it's own standalone Winter\LaravelConfigWriter library. This was done in order to reuse it in the web installer, but also means that any Laravel application can take advantage of this package.
*   Made the Composer merge plugin less greedy by default, previously it would merge in all plugin composer.json files that existed in your project, now it will only merge in specific plugin paths defined in your project's composer.json. Copy the changes from GitHub in order to apply it to your projects.

**New Contributors**

*   @cstorus made their first contribution in #616
*   @simonmannsfeld made their first contribution in #623
*   @quangtrongonline made their first contribution in #636
*   @nathanlesage made their first contribution in #665
*   @vllvll made their first contribution in #669
*   @robertalexa made their first contribution in #668
*   @iamyigitkoc made their first contribution in #624
*   @hecc127 made their first contribution in #682
*   @prsuhas made their first contribution in #723

**Full Changelog**: v1.2.0...v1.2.1

CVE-2022-39357: Release v1.2.1 · wintercms/winter

Red Hat Security Advisory 2022-7209-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: libksba security update  
Advisory ID:       RHSA-2022:7209-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7209  
Issue date:        2022-10-26  
CVE Names:         CVE-2022-3515  
====================================================================  
1. Summary:

An update for libksba is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as  
the CMS easily accessible by other applications.  Both specifications are  
building blocks of S/MIME and TLS.

Security Fix(es):

* libksba: integer overflow may lead to remote code execution  
(CVE-2022-3515)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135610 - CVE-2022-3515 libksba: integer overflow may lead to remote code execution

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
libksba-1.3.5-8.el8_1.src.rpm

aarch64:  
libksba-1.3.5-8.el8_1.aarch64.rpm  
libksba-debuginfo-1.3.5-8.el8_1.aarch64.rpm  
libksba-debugsource-1.3.5-8.el8_1.aarch64.rpm

ppc64le:  
libksba-1.3.5-8.el8_1.ppc64le.rpm  
libksba-debuginfo-1.3.5-8.el8_1.ppc64le.rpm  
libksba-debugsource-1.3.5-8.el8_1.ppc64le.rpm

s390x:  
libksba-1.3.5-8.el8_1.s390x.rpm  
libksba-debuginfo-1.3.5-8.el8_1.s390x.rpm  
libksba-debugsource-1.3.5-8.el8_1.s390x.rpm

x86_64:  
libksba-1.3.5-8.el8_1.i686.rpm  
libksba-1.3.5-8.el8_1.x86_64.rpm  
libksba-debuginfo-1.3.5-8.el8_1.i686.rpm  
libksba-debuginfo-1.3.5-8.el8_1.x86_64.rpm  
libksba-debugsource-1.3.5-8.el8_1.i686.rpm  
libksba-debugsource-1.3.5-8.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1klltzjgjWX9erEAQivSxAAgzKR6f0zSUXg33N9wnNA6a0Lb4bEsIF7  
al4nC4pjng1Mp/saxg4m7/pH98bX5fQkRVqBirGUsHRbGTT9ThUgQkhO2iIwL6dS  
21qzdeOPOZzw9HCeXtltUk+fs+RGUGnUIbN08wCn0Qsi6eqNmSqOx8lDf7AYL5CU  
4K5O3S7fYg1uFe1iwoZ3+myv0TYGcDuQ8Qsu9MoGigTU7cy4HFWkte72FtJQUd1y  
LClk7tOw0qMIgzAoTli1RqV8GKWO96HbuaQwQ+c+uKt+oc3tM2K9CMXnO5v3lkhn  
Fm7Si+iKnCw5vuwLmLOnpYCnsGkqIDx1FjwBlnkV8VUO7q3RTwFoq7422PV9/uqp  
uDrsmrHaykT1h28gczlR/iwDV9Xfk5gw9xBIyQC49pFtGOeJCeXweyYUL5i3GD3x  
SnE6WfD82XST1exLu4ptNJ6eyoSBzNawsW6bxrUEOHhAU7aWCFiddgt5/NZ9Hw/6  
TMkheHN8OVmMEA4+iVxjZcSQL32T/8g4LZZGCCNTY00lzVbpfLezufeLu5ZtivZ4  
+4hDOCXx9P9U2HdCRhCtbDP0gSrv3atb/6jy8B8rSlPIDabq6sreJQIQjI8auxKB  
HQbRZoiZrpNesS8hpmKEQuVUkFIsXY2/TLOxrfDIXJucNMRNXHJv2LB5BqqneDyl  
T2k6Cn0IE1E=UF8/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7209-01

feathers-sequelize is vulnerable to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection.

**feathers-sequelize vulnerable to SQL injection due to improper parameter filtering**

Critical severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 31, 2022

GHSA-5hq7-j5wq-p227: feathers-sequelize vulnerable to SQL injection due to improper parameter filtering

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.

**PENDING feathers-sequelize contains improper input validation leading to SQL injection**

Critical severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 31, 2022

GHSA-qpv8-4pjq-qqh7: PENDING feathers-sequelize contains improper input validation leading to SQL injection

Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection

CVE-2022-29822

CVE-2022-2422: Redirecting…

CVE-2022-2422

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.

from logging import getLogger from django.conf import settings from django.db import models from django.db.models import UniqueConstraint, Q from django.contrib.postgres import fields as psql\_fields from django.contrib.postgres import search as psql\_search from django\_lifecycle import AFTER\_UPDATE, BEFORE\_UPDATE, hook from pulpcore.plugin.models import ( BaseModel, Content, Remote, Repository, RepositoryVersion, Distribution, SigningService, Task, EncryptedTextField, ) from .downloaders import AnsibleDownloaderFactory log \= getLogger(\_\_name\_\_) class Role(Content): """ A content type representing a Role. """ TYPE \= "role" namespace \= models.CharField(max\_length\=64) name \= models.CharField(max\_length\=64) version \= models.CharField(max\_length\=128) @property def relative\_path(self): """ Return the relative path of the ContentArtifact. """ return self.contentartifact\_set.get().relative\_path class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" unique\_together \= ("version", "name", "namespace") class Collection(BaseModel): """A model representing a Collection.""" namespace \= models.CharField(max\_length\=64, editable\=False) name \= models.CharField(max\_length\=64, editable\=False) def \_\_str\_\_(self): """Return a representation.""" return f"<{self.\_\_class\_\_.\_\_name\_\_}: {self.namespace}.{self.name}\>" class Meta: unique\_together \= ("namespace", "name") class CollectionImport(models.Model): """A model representing a collection import task details.""" task \= models.OneToOneField( Task, on\_delete\=models.CASCADE, editable\=False, related\_name\="+", primary\_key\=True ) messages \= models.JSONField(default\=list, editable\=False) class Meta: ordering \= \["task\_\_pulp\_created"\] def add\_log\_record(self, log\_record): """ Records a single log message but does not save the CollectionImport object. Args: log\_record(logging.LogRecord): The logging record to record on messages. """ self.messages.append( {"message": log\_record.msg, "level": log\_record.levelname, "time": log\_record.created} ) class Tag(BaseModel): """A model representing a Tag. Fields: name (models.CharField): The Tag's name. """ name \= models.CharField(max\_length\=64, unique\=True, editable\=False) def \_\_str\_\_(self): """Returns tag name.""" return self.name class CollectionVersion(Content): """ A content type representing a CollectionVersion. This model is primarily designed to adhere to the data format for Collection content. That spec is here: https://docs.ansible.com/ansible/devel/dev\_guide/collections\_galaxy\_meta.html Fields: authors (psql\_fields.ArrayField): A list of the CollectionVersion content's authors. contents (models.JSONField): A JSON field with data about the contents. dependencies (models.JSONField): A dict declaring Collections that this collection requires to be installed for it to be usable. description (models.TextField): A short summary description of the collection. docs\_blob (models.JSONField): A JSON field holding the various documentation blobs in the collection. manifest (models.JSONField): A JSON field holding MANIFEST.json data. files (models.JSONField): A JSON field holding FILES.json data. documentation (models.CharField): The URL to any online docs. homepage (models.CharField): The URL to the homepage of the collection/project. issues (models.CharField): The URL to the collection issue tracker. license (psql\_fields.ArrayField): A list of licenses for content inside of a collection. name (models.CharField): The name of the collection. namespace (models.CharField): The namespace of the collection. repository (models.CharField): The URL of the originating SCM repository. version (models.CharField): The version of the collection. requires\_ansible (models.CharField): The version of Ansible required to use the collection. is\_highest (models.BooleanField): Indicates that the version is the highest one in the collection. Relations: collection (models.ForeignKey): Reference to a collection model. tag (models.ManyToManyField): A symmetric reference to the Tag objects. """ TYPE \= "collection\_version" \# Data Fields authors \= psql\_fields.ArrayField(models.CharField(max\_length\=64), default\=list, editable\=False) contents \= models.JSONField(default\=list, editable\=False) dependencies \= models.JSONField(default\=dict, editable\=False) description \= models.TextField(default\="", blank\=True, editable\=False) docs\_blob \= models.JSONField(default\=dict, editable\=False) manifest \= models.JSONField(default\=dict, editable\=False) files \= models.JSONField(default\=dict, editable\=False) documentation \= models.CharField(default\="", blank\=True, max\_length\=2000, editable\=False) homepage \= models.CharField(default\="", blank\=True, max\_length\=2000, editable\=False) issues \= models.CharField(default\="", blank\=True, max\_length\=2000, editable\=False) license \= psql\_fields.ArrayField(models.CharField(max\_length\=32), default\=list, editable\=False) name \= models.CharField(max\_length\=64, editable\=False) namespace \= models.CharField(max\_length\=64, editable\=False) repository \= models.CharField(default\="", blank\=True, max\_length\=2000, editable\=False) version \= models.CharField(max\_length\=128, editable\=False) requires\_ansible \= models.CharField(null\=True, max\_length\=255) is\_highest \= models.BooleanField(editable\=False, default\=False) \# Foreign Key Fields collection \= models.ForeignKey( Collection, on\_delete\=models.PROTECT, related\_name\="versions", editable\=False ) tags \= models.ManyToManyField(Tag, editable\=False) \# Search Fields search\_vector \= psql\_search.SearchVectorField(default\="") @property def relative\_path(self): """ Return the relative path for the ContentArtifact. """ return "{namespace}-{name}-{version}.tar.gz".format( namespace\=self.namespace, name\=self.name, version\=self.version ) def \_\_str\_\_(self): """Return a representation.""" return f"<{self.\_\_class\_\_.\_\_name\_\_}: {self.namespace}.{self.name} {self.version}\>" class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" unique\_together \= ("namespace", "name", "version") constraints \= \[ UniqueConstraint( fields\=("collection", "is\_highest"), name\="unique\_is\_highest", condition\=Q(is\_highest\=True), ) \] class CollectionVersionSignature(Content): """ A content type representing a signature that is attached to a content unit. Fields: data (models.BinaryField): A signature, base64 encoded. # Not sure if it is base64 encoded digest (models.CharField): A signature sha256 digest. pubkey\_fingerprint (models.CharField): A fingerprint of the public key used. Relations: signed\_collection (models.ForeignKey): A collection version this signature is relevant to. signing\_service (models.ForeignKey): An optional signing service used for creation. """ PROTECTED\_FROM\_RECLAIM \= False TYPE \= "collection\_signature" signed\_collection \= models.ForeignKey( CollectionVersion, on\_delete\=models.CASCADE, related\_name\="signatures" ) data \= models.TextField() digest \= models.CharField(max\_length\=64) pubkey\_fingerprint \= models.CharField(max\_length\=64) signing\_service \= models.ForeignKey( SigningService, on\_delete\=models.SET\_NULL, related\_name\="signatures", null\=True ) class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" unique\_together \= ("pubkey\_fingerprint", "signed\_collection") class DownloadLog(BaseModel): """ A download log for content units by user, IP and org\_id. """ content\_unit \= models.ForeignKey( Content, on\_delete\=models.CASCADE, related\_name\="download\_logs" ) user \= models.ForeignKey( settings.AUTH\_USER\_MODEL, on\_delete\=models.CASCADE, null\=True, related\_name\="download\_logs", ) ip \= models.GenericIPAddressField() extra\_data \= models.JSONField(null\=True) user\_agent \= models.TextField() repository \= models.ForeignKey( Repository, on\_delete\=models.CASCADE, related\_name\="download\_logs" ) repository\_version \= models.ForeignKey( RepositoryVersion, null\=True, on\_delete\=models.SET\_NULL, related\_name\="download\_logs" ) class RoleRemote(Remote): """ A Remote for Ansible content. """ TYPE \= "role" class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" class CollectionRemote(Remote): """ A Remote for Collection content. """ TYPE \= "collection" requirements\_file \= models.TextField(null\=True) auth\_url \= models.CharField(null\=True, max\_length\=255) token \= EncryptedTextField(null\=True) sync\_dependencies \= models.BooleanField(default\=True) signed\_only \= models.BooleanField(default\=False) @property def download\_factory(self): """ Return the DownloaderFactory which can be used to generate asyncio capable downloaders. Upon first access, the DownloaderFactory is instantiated and saved internally. Plugin writers are expected to override when additional configuration of the DownloaderFactory is needed. Returns: DownloadFactory: The instantiated DownloaderFactory to be used by get\_downloader() """ try: return self.\_download\_factory except AttributeError: self.\_download\_factory \= AnsibleDownloaderFactory(self) return self.\_download\_factory @hook( AFTER\_UPDATE, when\_any\=\["url", "requirements\_file", "sync\_dependencies", "signed\_only"\], has\_changed\=True, ) def \_reset\_repository\_last\_synced\_metadata\_time(self): AnsibleRepository.objects.filter( remote\_id\=self.pk, last\_synced\_metadata\_time\_\_isnull\=False ).update(last\_synced\_metadata\_time\=None) class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" class GitRemote(Remote): """ A Remote for Collection content hosted in Git repositories. """ TYPE \= "git" metadata\_only \= models.BooleanField(default\=False) git\_ref \= models.TextField() class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" class AnsibleCollectionDeprecated(Content): """ A model that represents if a Collection is \`deprecated\` for a given RepositoryVersion. """ TYPE \= "collection\_deprecation" namespace \= models.CharField(max\_length\=64, editable\=False) name \= models.CharField(max\_length\=64, editable\=False) class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" unique\_together \= ("namespace", "name") class AnsibleRepository(Repository): """ Repository for "ansible" content. Fields: last\_synced\_metadata\_time (models.DateTimeField): Last synced metadata time. """ TYPE \= "ansible" CONTENT\_TYPES \= \[ Role, CollectionVersion, AnsibleCollectionDeprecated, CollectionVersionSignature, \] REMOTE\_TYPES \= \[RoleRemote, CollectionRemote\] last\_synced\_metadata\_time \= models.DateTimeField(null\=True) gpgkey \= models.TextField(null\=True) class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s" permissions \= (("modify\_ansible\_repo\_content", "Can modify ansible repository content"),) def finalize\_new\_version(self, new\_version): """Finalize repo version.""" removed\_collection\_versions \= new\_version.removed( base\_version\=new\_version.base\_version ).filter(pulp\_type\=CollectionVersion.get\_pulp\_type()) \# Remove any deprecated and signature content associated with the removed collection \# versions for version in removed\_collection\_versions: version \= version.cast() signatures \= new\_version.get\_content( content\_qs\=CollectionVersionSignature.objects.filter(signed\_collection\=version) ) new\_version.remove\_content(signatures) other\_collection\_versions \= new\_version.get\_content( content\_qs\=CollectionVersion.objects.filter(collection\=version.collection) ) \# AnsibleCollectionDeprecated applies to all collection versions in a repository, \# so only remove it if there are no more collection versions for the specified \# collection present. if not other\_collection\_versions.exists(): deprecations \= new\_version.get\_content( content\_qs\=AnsibleCollectionDeprecated.objects.filter( namespace\=version.namespace, name\=version.name ) ) new\_version.remove\_content(deprecations) @hook(BEFORE\_UPDATE, when\="remote", has\_changed\=True) def \_reset\_repository\_last\_synced\_metadata\_time(self): self.last\_synced\_metadata\_time \= None class AnsibleDistribution(Distribution): """ A Distribution for Ansible content. """ TYPE \= "ansible" class Meta: default\_related\_name \= "%(app\_label)s\_%(model\_name)s"

Tag

#sql