Latest News
### Summary

A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized when passed to the `res.download` API.

### Details

- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L671-L682

```js
router.get(
  "/auto-backup-download/:filename",
  isAdmin,
  error_catcher(async (req, res) => {
    const { filename } = req.params; // [1] source
    [...]
    if (
      !isRoot ||
      !(filename.startsWith(backup_file_prefix) && filename.endsWith(".zip")) // [2]
    ) {
      res.redirect("/admin/backup");
      return;
    }
    const auto_backup_directory = getState().getConfig("auto_backup_directory");
    res.download(path.join(auto_backup_directory, filename), filename); // [3] sink
  })
);
```

### Steps to reproduce (PoC)

- create a file with `.zip` extension under `/tmp` folder:

```
echo "secret12345" > /tmp/secret.zip
```

- log...
Dubai Silicon Oasis, United Arab Emirates, 3rd October 2024, CyberNewsWire
### Impact

- Service Disruption: The server may become unresponsive or extremely slow, potentially leading to downtime.
- Resource Exhaustion: Excessive use of server resources, such as CPU and memory, could negatively impact other services running on the same infrastructure.
- User Experience Degradation: Users may experience delays or failures when accessing the service, which could lead to frustration and loss of trust in the service.

### Patches

1. Upgrade to v7.0.10
2. Use [SchemaBuilder.limit_directives](https://docs.rs/async-graphql/latest/async_graphql/struct.SchemaBuilder.html#method.limit_directives) to limit the maximum number of directives for a single field.
### Impact

In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue.

> [!NOTE]
> This advisory does not indicate the presence of a Prototype Pollution within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.

### Patches

The issue was patched in all Sentry JavaScript SDKs starting from the [8.33.0](https://github.com/getsentry/sentry-javascript/releases/tag/8.33.0) version.

### References

* [Prototype Pollution](https://portswigger.net/web-security/prototype-pollution)
* [Prototype Pollution gadgets](https://portswigger.net/web-security/prototype-pollution#prototype-pollution-gadgets)
* [sentry-javascript#13838](https://github.com/getsentry/sentr...
### Impact

This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website's content, or perform actions on behalf of the victim.

### Patches

The problem has not been patched yet. Users should upgrade to patched versions once they become available. Currently affected versions are:

* 2.6.4
* 2.5.20

### Workarounds

Until an official patch is released, users can implement additional input validation and output encoding for the 'slug' parameter in the MediaStreamController's downloadAction method. Alternatively, configuring a Web Application Firewall (WAF) to filter potentially malicious input could serve as a temporary mitigation.

### References

* GitHub repository: https://github.com/sulu/sulu
* Vulnerable code: https://g...
Sulu v2.0.0 through v2.6.4 are vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once the file is uploaded and accessed, the malicious JavaScript is executed in the browsers of the victims (other users, including admins).
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice.
Although the veto was a setback, it highlights key debates in the emerging field of AI governance and the potential for California to shape the future of AI regulation.
New Linux malware ‘Perfctl’ is targeting millions worldwide, mimicking system files to evade detection. This sophisticated malware compromises…
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This