Security Headlines

Tag: #web

GHSA-3gf9-wv65-gwh9: gradio Server Side Request Forgery vulnerability

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resources and sensitive information.

ghsa #vulnerability #web #ssrf #auth
GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonymous users

### Impact

Anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder`, which may prevent any privileged access.

### Patches

The problem is fixed in version 7.2.

### Workarounds

The problem can be fixed by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.

### References

https://github.com/zopefoundation/AccessControl/issues/159

GHSA-3hxg-fxwm-8gf7: CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes

### Summary

The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection.

### Details

HTTP headers are added to a request via the `HttpHeaders.TryAddWithoutValidation` method: <https://github.com/reactiveui/refit/blob/258a771f44417c6e48e103ac921fe4786f3c2a1e/Refit/RequestBuilderImplementation.cs#L1328>

This method does not check for CRLF characters in the header value, so any header added to a Refit request is vulnerable to CRLF injection. In general, CRLF injection into an HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests.

### PoC

The example code below creates a console app that takes one command line argument (a bearer token) and then makes a request to some status page with the provided token inserted in the "Authorization" header:

```c#
using Refit;

internal class Program
{
    private static void Main(string[] args)
    {
        ...
```

City of Columbus Drops Case on Cyberattack Whistleblower

The security researcher who notified the media of the breach will be free from the city's lawsuit, but not without a caveat.

Hackers Leak 300,000 MIT Technology Review Magazine User Records

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records…

GHSA-r7mv-mv7m-pjw3: hornetq vulnerable to file overwrite, sensitive information disclosure

An issue in the `createTempFile` method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

This week on the Lock and Code podcast, we speak with Cait Conley about CISA's election security measures and why your vote can't be hacked.

City of Columbus breach affects around half a million citizens

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher...

Crooks bank on Microsoft’s search engine to phish customers

If you searched for your bank's login page via Bing recently, you may have visited a fraudulent website enabling criminals to get your credentials and even your two-factor security code.

TOR Virtual Network Tunneling Tool 0.4.8.13

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.