Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

A week with a "smart" car

In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.

TALOS
Open in Source
#vulnerability#web#mac#windows#microsoft#linux#cisco#git#intel#rce#auth
GHSA-8g98-m4j9-qww5: Taylored webhook validation vulnerabilities

### Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5 #### Summary A series of moderate to high-severity security vulnerabilities have been identified specifically in version **7.0.7 of \`taylored\`**. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this version. They could allow a malicious actor to read arbitrary files from the server, download paid patches without completing a valid purchase, and weaken the protection of encrypted patches. **All users who have installed or generated a \`taysell-server\` using version 7.0.7 of \`taylored\` are strongly advised to immediately upgrade to version 7.0.8 (or later) and follow the required mitigation steps outlined below.** Versions prior to 7.0.7 did not include the Taysell functionality and are therefore not affected by these specific issues. #### Vulnerabilities Patched in v7.0.8 Version 7.0.8 addresses the following issues found in the v7.0.7 template: 1. **Path Traversal in ...

GHSA-48p4-8xcf-vxj5: urllib3 does not control redirects in browsers and Node.js

urllib3 [supports](https://urllib3.readthedocs.io/en/2.4.0/reference/contrib/emscripten.html) being used in a Pyodide runtime utilizing the [JavaScript Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API) or falling back on [XMLHttpRequest](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest). This means you can use Python libraries to make HTTP requests from your browser or Node.js. Additionally, urllib3 provides [a mechanism](https://urllib3.readthedocs.io/en/2.4.0/user-guide.html#retrying-requests) to control redirects. However, the `retries` and `redirect` parameters are ignored with Pyodide; the runtime itself determines redirect behavior. ## Affected usages Any code which relies on urllib3 to control the number of redirects for an HTTP request in a Pyodide runtime. ## Impact Redirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects may remain vul...

GHSA-pq67-6m6q-mj2v: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

urllib3 handles redirects and retries using the same mechanism, which is controlled by the `Retry` object. The most common way to disable redirects is at the request level, as follows: ```python resp = urllib3.request("GET", "https://httpbin.org/redirect/1", redirect=False) print(resp.status) # 302 ``` However, it is also possible to disable redirects, for all requests, by instantiating a `PoolManager` and specifying `retries` in a way that disable redirects: ```python import urllib3 http = urllib3.PoolManager(retries=0) # should raise MaxRetryError on redirect http = urllib3.PoolManager(retries=urllib3.Retry(redirect=0)) # equivalent to the above http = urllib3.PoolManager(retries=False) # should return the first response resp = http.request("GET", "https://httpbin.org/redirect/1") ``` However, the `retries` parameter is currently ignored, which means all the above examples don't disable redirects. ## Affected usages Passing `retries` on `PoolManager` instantiation to disab...

AgentSmith Flaw in LangSmith’s Prompt Hub Exposed User API Keys, Data

A CVSS 8.8 AgentSmith flaw in LangSmith's Prompt Hub exposed AI agents to data theft and LLM manipulation. Learn how malicious AI agents could steal API keys and hijack LLM responses. Fix deployed.

GHSA-px2c-r924-mwcc: Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates

The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

GHSA-2hw3-h8qx-hqqp: OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

XSS via `.py` file containing script tag interpreted as HTML ## Summary A vulnerability exists in the file preview/browsing feature of the application, where files with a `.py` extension that contain JavaScript code wrapped in `<script>` tags may be interpreted and executed as HTML in certain modes. This leads to a stored XSS vulnerability. ## Affected Versions * <= 4.0.0-rc.3 ## PoC Create a `.py` file with arbitrary JavaScript content wrapped in `<script>` tags. For example: ```javascript <script>alert(document.cookie);</script> ``` When a victim views the file in browsing mode (e.g., a rendered preview), the JavaScript is executed in the browser context. --- ## Attack vector An attacker can place such a `.py` file in the system via remote channels, such as: * Convincing a webmaster to download or upload the file; * Tricking users into accessing a file link via public URLs. ## Required permissions * None, if public or visitor access is enabled. * If the file is uploade...

GHSA-crvv-6w6h-cv34: Grafana long dashboard title or panel name causes unresponsives

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.

GHSA-2hcm-q3f4-fjgw: OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.