Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-7hmm-wg23-2w7m: Ryu Infinite Loop vulnerability

`OFPGroupDescStats` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `OFPBucket.len=0`.

ghsa
Open in Source
#vulnerability#dos#git
GHSA-m9vm-8mv9-v5v3: Ryu Infinite Loop vulnerability

`OFPFlowStats` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `inst.length=0`.

GHSA-c7w6-33j3-j3mx: Ryu Infinite Loop vulnerability

`OFPBucket` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `action.len=0`.

GHSA-ffp9-pfq9-g2ww: Ryu Infinite Loop vulnerability

`OFPMultipartReply` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `b.length=0`.

GHSA-fgpw-cx3v-wj95: Ryu Infinite Loop vulnerability

`OFPPacketQueue` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `OFPQueueProp.len=0`.

GHSA-59p2-v62x-gxj8: Ryu Infinite Loop vulnerability

`OFPHello` in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via `length=0`.

GHSA-hr2r-w6wc-25pv: Zenario uses Twig filters insecurely in the Twig Snippet plugin

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

GHSA-7qwj-gcjf-828f: Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting

The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.)

GHSA-hfrv-h3q8-9jpr: kurwov vulnerable to Denial of Service due to improper data sanitization

### Summary An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly. ### Details https://github.com/xiboon/kurwov/blob/0d58dfa42135ab40e830e92622857282f980ca89/src/MarkovData.ts#L38-L44 If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the second line will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called). `data` is then defined as the special function found in its prototype instead of an array. On the last line, `data` is then indexed by a random number, which is supposed to return a string but returns undefined as it's a function. Calling `endsWith` then throws. ### PoC https://runkit.com/embed/m6uu40r5ja9b ### ...

GHSA-qq22-jj8x-4wwv: Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

### Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. ### Workarounds Enabling the `api.disable_remote_download` option or updating to the latest version of Wings are the only known workarounds. ### Patches https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8