#web

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Oracle denies breach claims as hacker alleges access to 6 million cloud records. CloudSEK reports a potential zero-day exploit affecting 140,000 tenants.

### Summary Function [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html) ### Details See [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) ### Impact Excessive memory allocation

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.

The release of the JFK assassination records also resulted in the leak of hundreds of Social Security Numbers

A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability was introduced in 2e95e1fc6e2064ccfae87964b4860bda55eddb9a and fixed in 15147cea8e42f6569a11603d661d71122f6a02dc. ### Impact _What kind of vulnerability is it? Who is impacted?_ This vulnerability allows a remote attacker with network access to exploit the preference restoration mechanism by providing a compressed payload that expands dramatically upon decompression. The issue arises because the system automatically decompresses user-supplied data without enforcing size limits, potentially leading to: - Out-of-memory (OOM) conditions - OS-level resource exhaustion, potentially leading to broader system instability or cra...

### Summary Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy. ### PoC If both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, thus ext_proc will crash. ### Mitigation 1. Disable websocket traffic 2. Change the websocket response from backend to always return `101 Switch protocol` based on RFC. 3. Apply the patch and the ext_proc filter will not send the local reply that is generated by Envoy to the ext_proc server for processing. 4. Apply the patch that the router will cancel the upstream requests when sending a local reply. ### Impact Denial of service ### Reporter Vasilios Syrakis Fernando Cainelli

# Impact It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. # Patches * For Next.js 15.x, this issue is fixed in `15.2.3` * For Next.js 14.x, this issue is fixed in `14.2.25` * For Next.js versions `11.1.4` thru `13.5.6`, consult the below workaround. # Workaround If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the `x-middleware-subrequest` header from reaching your Next.js application. ## Credits - Allam Rachid (zhero;) - Allam Yasser (inzo_)