Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

GHSA-f8c8-4pm7-w885: Cross-Site Request Forgery in CodeChecker API

### Summary Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions. ### Details Security attributes like HttpOnly and SameSite are missing from the session cookie, allowing its use from XHR requests and form submissions. The CodeChecker API endpoints only require the session cookie, they do not require a CSRF token, and missing HTTP headers allow the form submission to succeed (but not XHR). This means that the attacker needs to know the ID of products to edit or delete them, but it does not need knowledge to create new products with the SQLite backend. ### PoC With a superuser logged into CodeChecker. ```html <html><body> <form action="https://codechecker.example.com/v6.58/Products" method="POST" enctype="text/plain"> <input type="text" name='[1,"getProducts",1,1,{}]' value=''> </form> <script>document.forms[0].submit()</script> </body></html> ``` Or the same f...

ghsa
#sql#csrf#vulnerability#web#git#auth
GHSA-jgx4-7v3v-vwfm: Elasticsearch allocation of resources without limits or throttling leads to crash

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

GHSA-3qc3-mx6x-267h: Insecure default config access in WriteFreely

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

GHSA-8cvq-3jjp-ph9p: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

# Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 # Description: In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.6.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0.

Threat Actors Exploit a Critical Ivanti RCE Bug, Again

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.

Chinese APT Group Is Ransacking Japan's Secrets

Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

**Vulnerability Summary** A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay `node` interface. **Affected Components** - Strawberry GraphQL relay integration - Specifically impacts implementations using: - Django integration - SQLAlchemy integration - Pydantic integration **Technical Details** The vulnerability manifests when: 1. Multiple GraphQL types inherit from `relay.Node` 2. These types are mapped to the same database model 3. The global `node` field is used for type resolution Example of vulnerable code: ```python from fruits.models import Fruit import strawberry_django import strawberry @strawberry_django.type(Fruit) class FruitType(relay.Node): name: strawberry.auto @strawberry_django.type(Fruit) class SpecialFruitType(relay.Node): secret_name: ...

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of Special Elements in Data Query Logic, Allocation of Resources Without Limits or Throttling, Weak Password Requirements, Cross-Site Request Forgery (CSRF), Use of Weak Hash, Code Injection, PHP Remote File Inclusion, External Control of System or Configuration Setting, Insufficiently Protected Credentials, Unrestricted Upload of File with Dangerous Type, Absolute Path Traversal, Use of Default Credentials, Off-by-one Error, Use of Default Password, Session Fixation 2. RISK EVALUATION Multiple vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX series products have been ...

ABB Cylon Aspect 3.08.02 (CookieDB) SQL Injection

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.

ABB Cylon Aspect 3.08.03 (CookieDB) SQL Injection

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.