ghsa

### Impact Affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits. ### Patches Versions 1.129.1, 1.122.8, 1.110.23 ### Resources - https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1 - https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8 - https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23 ### Note VictoriaMetrics' security model assumes its APIs are properly secured (e.g. via access control flags or a firewall); this advisory addresses malicious input that should not be possible under a [correctly secured](https://docs.victoriametrics.com/victoriametrics/single-server-victoriametrics/#security) deployment.

### Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the _decode() function in fugue/rpc/flask.py directly uses cloudpickle.loads() to deserialize data without any sanitization. This creates a remote code execution vulnerability when malicious pickle data is processed by the RPC server.The vulnerability exists in the RPC communication mechanism where the client can send arbitrary serialized Python objects that will be deserialized on the server side, allowing attackers to execute arbitrary code on the victim's machine. ### Details _decode() function in fugue/rpc/flask.py directly uses cloudpickle.loads() to deserialize data without any sanitization. ### PoC * Step1: The victim user starts an RPC server binding to open network using the Fugue framework. Here, I use the official RPC server code to initialize the server. * Step2: The attacker modifies the _encode()...

## Description An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint ``/geoserver/wms`` operation ``GetMap``. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. An XML External Entity attack is a type of attack that occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts. By exploiting this vulnerability, an attacker can: - Read arbitrary files from the server's file system. - Conduct Server-Side Request Forgery (SSRF) to interact with internal systems. - Execute Denial of Service (DoS) attacks by exhausting resources. ## Resolution Update to GeoServer 2.25.6, GeoServer 2.26.3, or GeoServer ...

### Summary A reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. ### Details The WMS service setting that controls HTML auto-escaping is either disabled by default, or completely missing, in the affected versions (see workarounds). ### Impact If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: 1. Perform any action within the application that the user can perform. 2. View any information that the user is able to view. 3. Modify any information that the user is able to modify. 4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. ### Workarounds Changing any of the following WMS service sett...

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote users to inject arbitrary web script or HTML via the Output code field in modules. The payload is executed when a user views or edits an article by adding slice that uses the compromised module.

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

### Impact body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. ### Patches This issue is addressed in version 2.2.1.

A credential disclosure vulnerability was found in Grype, affecting versions `v0.68.0` through `v0.104.0`. If registry credentials are defined and the output of grype is written using the `--file` or `--output json=<file>` option, the registry credentials will be included unsanitized in the output file. ## Impact In Grype versions `v0.68.0` through `v0.104.0`, when registry authentication is configured, those credentials can be incorrectly included in the output of a Grype scan (regardless of whether those credentials are actively being used for the current scan). Users that do not have registry authentication configured are not affected by this issue. Registry credentials can be set via the Grype configuration file (e.g. `registry.auth[].username`, `registry.auth[].password`, `registry.auth[].token`) or environment variables (e.g., `GRYPE_REGISTRY_AUTH_USERNAME`, `GRYPE_REGISTRY_AUTH_PASSWORD`, `GRYPE_REGISTRY_AUTH_TOKEN`). In order for the authentication details to be improperly ...

### Impact OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. ### Patches User should upgrade OMERO.web to 5.29.3 or higher. ### Workarounds None. ### Resources https://github.com/jquery-form/form/issues/604