ghsa

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

### Impact OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. ### Patches Patched in [07c4641471c6f5c2ab5aab615969e97211eb50d9](https://github.com/OpenTSDB/opentsdb/commit/07c4641471c6f5c2ab5aab615969e97211eb50d9) and further refined in https://github.com/OpenTSDB/opentsdb/commit/fa88d3e4b5369f9fb73da384fab0b23e246309ba ### Workarounds Disable Gunuplot via `tsd.core.enable_ui = true` and remove the shell files https://github.com/OpenTSDB/opentsdb/blob/master/src/mygnuplot.bat and https://github.com/OpenTSDB/opentsdb/blob/master/src/mygnuplot.sh.

### Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. ### Patches The issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 ### Workarounds If you cannot update your version of `PyPDF2` (preferably to `pypdf>3.1.0` as PyPDF2 is deprecated), you should modify `PyPDF2/generic/_data_structures.py::read_object`. Replace: ```python else: # number object OR indirect reference peek = stream.read(20) stream.seek(-len(peek), 1) # reset to start if IndirectPattern.match(peek) is not None: return IndirectObject.read_from_stream(stream, pdf) else: return NumberObject.read_from_stream(stream) ``` by ```python elif tok in b"0123456789+-.": # numb...

### Impact An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. ### Patches https://github.com/py-pdf/pypdf/pull/808 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References * [PyPDF2 PR #808](https://github.com/py-pdf/pypdf/pull/808) * [PyPDF2 Issue #582](https://github.com/py-pdf/pypdf/issues/582)

# x/crisis does not charge ConstantFee ### Impact If a transaction is sent to the `x/crisis` module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the `x/crisis` module are affected on all versions of the Cosmos SDK. ### Details The `x/crisis` module is supposed to allow anyone to halt a chain in the event of a violated invariant by sending a `MsgVerifyInvariant` with the name of the invariant. Processing this message takes extra processing power hence a `ConstantFee` was introduced on the chain that is charged as extra from the reporter for the extra computational work. This is supposed to avert spammers on the chain making nodes do extra computations using this transaction. By not charging the `ConstantFee`, the transactions related to invariant checking are relatively cheaper compared to the computational need and other transactions. That said, the submitter still has to pay the transaction fee to put the transaction on the network, h...

### Impact An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection. No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic. Impacted version: s2n-quic v1.22.0. ### Patches The patch is included in s2n-quic [v1.23.0](https://github.com/aws/s2n-quic/releases/tag/v1.23.0). If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.

Hnswlib 0.7.0 has a double free in `init_index` when the M argument is a large integer.

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server.

### Impact When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take [CVE-2022-36100](https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x) as example - it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabi...

### Impact Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Login as a user without script or programming right. 2. Go to the notifications preferences in your user profile. 3. Disable the "Own Events Filter" and enable notifications in the notification menu for "Like". 4. Set your first name to `{{cache id="security" timeToLive="1"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/cache}}` 5. Click on the like button at the bottom left of the user profile. 6. Click on the notifications bell in the top bar and then on "RSS Feed". If the text "Profile of Hello from groovy!" and/or "liked by Hello from groovy!" is displayed, the attack succeeded. The expected result would have been that the entered first name is displayed as-is in the descr...